Error Safe, Win Antivir Pro 2006 and Drivecleaner 2006 Pop-Ups

26.03.2007, 01:22
...new here

Posts: 7
#1 The problem is that lately I keep getting pop-ups asking me to install ErrorSafe, Win Antivir Pro 2006 or Drivecleaner 2006.


Please help! THX

HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 01:20:12, on 26.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
F:\WINSOWS\System32\smss.exe
F:\WINSOWS\system32\csrss.exe
F:\WINSOWS\system32\winlogon.exe
F:\WINSOWS\system32\services.exe
F:\WINSOWS\system32\lsass.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\System32\svchost.exe
F:\Programme\TGTSoft\StyleXP\StyleXPService.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\Explorer.EXE
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINSOWS\system32\spoolsv.exe
F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
F:\WINSOWS\system32\svchost.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\WINSOWS\system32\ctfmon.exe
F:\WINSOWS\System32\alg.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
F:\WINSOWS\system32\NOTEPAD.EXE
F:\Dokumente und Einstellungen\Dennis Dziadkowiak\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ccApp] "F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundService] rundll32.exe "F:\WINSOWS\system32\cbihwpnf.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINSOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] F:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: T-Online.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programme\Widgets\YahooWidgetEngine.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINSOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - F:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe






ComboFix log:



"Dennis Dziadkowiak" - 07-03-26 1:03:09 Service Pack 2
ComboFix 07-03-23 - Running from: "F:\Dokumente und Einstellungen\Dennis Dziadkowiak\Desktop"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


"F:\WINSOWS\system32\ssqrs.dll"


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


F:\WINSOWS\NDNuninstall6_38.exe
F:\WINSOWS\NDNuninstall7_22.exe
F:\WINSOWS\NDNuninstall7_48.exe
F:\Programme\install.log


((((((((((((((((((((((((((((((( Files Created from 2007-02-26 to 2007-03-26 ))))))))))))))))))))))))))))))))))


2007-03-25 16:01 463,968 ---hs---- F:\WINSOWS\system32\srqss.ini2
2007-03-23 18:14 446,014 ---hs---- F:\WINSOWS\system32\srqss.bak2
2007-03-23 17:00 3,426,072 --a------ F:\WINSOWS\system\d3dx9_32.dll
2007-03-22 18:15 123,972 --a------ F:\WINSOWS\system32\cbihwpnf.dll
2007-03-22 18:13 445,083 ---hs---- F:\WINSOWS\system32\srqss.bak1
2007-03-22 18:07 26,697 --a------ F:\WINSOWS\system32\ddcyxvs.dll
2007-03-21 12:15 <DIR> d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\Leadertech
2007-03-17 20:10 34,880 --a------ F:\WINSOWS\system32\GDIPFONTCACHEV1.DAT
2007-03-16 02:13 <DIR> d-------- F:\Programme\QuickLaunch
2007-03-16 01:46 <DIR> d-------- F:\Programme\Yahoo!
2007-03-15 20:14 <DIR> d-------- F:\Programme\Stardock
2007-03-12 00:08 <DIR> d-------- F:\Programme\Gemeinsame Dateien\SWF Studio
2007-03-10 19:19 <DIR> d-------- F:\Programme\DEUTSCHLAND SPIELT
2007-03-10 19:18 <DIR> d-------- F:\Programme\OXXOGames
2007-03-10 16:14 1 --a------ F:\DOKUME~1\DENNIS~1\SI.bin
2007-03-06 18:32 <DIR> d-------- F:\Programme\Alawar
2007-03-02 19:45 <DIR> d-------- F:\DOKUME~1\ALLUSE~1\ANWEND~1\Aspyr
2007-03-01 21:04 68,888 --a------ F:\WINSOWS\system32\xinput1_3.dll
2007-03-01 21:04 62,744 --a------ F:\WINSOWS\system32\xinput1_2.dll
2007-03-01 21:04 237,848 --a------ F:\WINSOWS\system32\xactengine2_4.dll
2007-03-01 21:04 236,824 --a------ F:\WINSOWS\system32\xactengine2_3.dll
2007-03-01 21:04 2,414,360 --a------ F:\WINSOWS\system32\d3dx9_31.dll
2007-03-01 21:04 15,128 --a------ F:\WINSOWS\system32\x3daudio1_1.dll
2007-02-26 21:41 <DIR> d-------- F:\Programme\Everest Poker


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-25 14:33 70580 --a------ F:\WINSOWS\system32\perfc007.dat
2007-03-25 14:33 405118 --a------ F:\WINSOWS\system32\perfh007.dat
2007-03-23 17:38 -------- d--h----- F:\Programme\installshield installation information
2007-03-16 04:33 86 --ahs---- F:\DOKUME~1\DENNIS~1\ANWEND~1\desktop.ini
2007-03-15 20:33 219648 --a------ F:\WINSOWS\system32\uxtheme.dll
2007-03-14 16:37 -------- d-------- F:\Programme\Gemeinsame Dateien\symantec shared
2007-03-14 16:31 48776 --a------ F:\WINSOWS\system32\s32evnt1.dll
2007-03-14 16:31 115000 --a------ F:\WINSOWS\system32\drivers\SYMEVENT.SYS
2007-03-14 16:31 -------- d-------- F:\Programme\symantec
2007-03-11 23:36 1386496 --a------ F:\WINSOWS\system32\msvbvm60.dll
2007-03-10 16:44 -------- d-------- F:\Programme\leechftp
2007-03-09 14:52 90 --a------ F:\DOKUME~1\DENNIS~1\ANWEND~1\wklnhst.dat
2007-03-02 15:49 -------- d-------- F:\Programme\themexp
2007-02-24 00:41 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\icqlite
2007-02-23 21:22 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\icq toolbar
2007-02-16 00:13 -------- d-------- F:\Programme\regcleaner
2007-02-15 20:52 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\getrighttogo
2007-02-12 18:22 538256 --a------ F:\WINSOWS\system32\symneti.dll
2007-02-12 18:22 31888 --a------ F:\WINSOWS\system32\drivers\symids.sys
2007-02-12 18:22 28304 --a------ F:\WINSOWS\system32\drivers\symndis.sys
2007-02-12 18:22 24720 --a------ F:\WINSOWS\system32\drivers\symredrv.sys
2007-02-12 18:22 196752 --a------ F:\WINSOWS\system32\drivers\symtdi.sys
2007-02-12 18:22 161424 --a------ F:\WINSOWS\system32\symredir.dll
2007-02-12 18:22 12944 --a------ F:\WINSOWS\system32\drivers\symdns.sys
2007-02-12 18:22 110736 --a------ F:\WINSOWS\system32\drivers\symfw.sys
2007-02-09 01:03 -------- d-------- F:\Programme\partygaming.net
2007-01-26 21:48 -------- dr-h----- F:\DOKUME~1\DENNIS~1\ANWEND~1\securom
2007-01-19 02:22 1320 --a------ F:\WINSOWS\system32\ealregsnapshot1.reg
2007-01-19 02:22 1270 --a------ F:\WINSOWS\system32\ealregsnapshot2.reg
2007-01-17 16:44 8 --a------ F:\WINSOWS\winxfigt.sys
2007-01-12 19:04 286720 --a------ F:\WINSOWS\iun506.exe
2007-01-08 20:01 17408 --a------ F:\WINSOWS\system32\corpol.dll
2007-01-01 20:14 737280 --a------ F:\WINSOWS\iun6002.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="F:\\WINSOWS\\system32\\ctfmon.exe"
"STYLEXP"="F:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"F:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"F:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundService"="rundll32.exe \"F:\\WINSOWS\\system32\\cbihwpnf.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADVCHK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKLM"
"command"="\"F:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mixer"
"hkey"="HKLM"
"command"="Mixer.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="F:\\WINSOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Core"
"hkey"="HKCU"
"command"="F:\\Programme\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipoint"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Microsoft IntelliPoint\\ipoint.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="F:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 F:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="E:\\Programme\\Valve\\Steam\\\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="F:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="F:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="autostart"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Tweak-XP Pro 4\\autostart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Save\\Save.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=dword:00000003
"TODslService"=dword:00000003
"GEARSecurity"=dword:00000002
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"NSCService"=dword:00000003


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{28CEA1DA-2199-4AEE-BA75-9032C8450B66}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPropertiesRecycleBin"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoRecentDocsMenu"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsHistory"=dword:00000000
"NoCDBurning"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyxvs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
F:\WINSOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Dennis Dziadkowiak.job
F:\WINSOWS\tasks\Norton SystemWorks One Button Checkup.job
F:\WINSOWS\tasks\Symantec Drmc.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-26 1:17:48
26.03.2007, 09:24
Moderator

Posts: 7795
#2 That is Vundo. First of all, use VundoFix: http://virus-protect.org/artikel/tools/vundofixx.html

After that, please create the logs again from scratch and post them. But before that, please rename hijackthis.exe to test.com or something similar.
__________
Regards, Ralf
SEO-Spam Hunter
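As an added example for the diagnosis in this reply (it is not code from the thread, nor from HijackThis, ComboFix or VundoFix), the following Python script runs a small triage over a constructed subset of lines copied from the HijackThis log posted above and flags the entries that point at Vundo: nameless O2 BHOs loaded from system32, an O4 autorun that loads a system32 DLL through rundll32, the unknown O10 Winsock LSP and O20 Winlogon Notify packages with random-looking names. The regular expressions, the vowel-ratio heuristic and the choice of sections are this example's own assumptions, not a HijackThis feature or a Vundo signature.

```python
"""Triage a HijackThis log for the Vundo-style indicators discussed in the thread.

Added example: not part of the forum post and not code from HijackThis,
ComboFix or VundoFix. The heuristics are this example's assumptions about
what a helper looks at first; the sample lines are a constructed subset of
the HijackThis log posted in the thread.
"""
import re
from collections import defaultdict
from typing import Dict, Iterator, List, Tuple

# Constructed sample: a subset of lines from the thread's second HijackThis log.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Programme\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {28CEA1DA-2199-4AEE-BA75-9032C8450B66} - F:\\WINSOWS\\system32\\ddcyxvs.dll
O2 - BHO: (no name) - {4EFB9A78-2B36-4BF4-9F70-51EAFA65FF04} - F:\\WINSOWS\\system32\\awvvs.dll (file missing)
O4 - HKLM\\..\\Run: [ccApp] "F:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [SoundService] rundll32.exe "F:\\WINSOWS\\system32\\cbihwpnf.dll",setvm
O4 - HKCU\\..\\Run: [ctfmon.exe] F:\\WINSOWS\\system32\\ctfmon.exe
O10 - Unknown file in Winsock LSP: f:\\winsows\\system32\\spacklsp.dll
O20 - Winlogon Notify: ddcyxvs - F:\\WINSOWS\\SYSTEM32\\ddcyxvs.dll
O20 - Winlogon Notify: ssqrs - F:\\WINSOWS\\system32\\ssqrs.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\\WINSOWS\\system32\\WPDShServiceObj.dll
"""

# HijackThis sections checked here (assumed analyst focus): nameless BHOs (O2),
# rundll32 autoruns (O4), unknown Winsock LSPs (O10), Winlogon Notify DLLs (O20).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.+?)(?: \(file missing\))?$")
O4_RE = re.compile(r"^O4 - .*\[(?P<item>[^\]]+)\] (?P<cmd>.+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?: \(file missing\))?$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rstrip('"').rsplit("\\", 1)[-1].lower()


def looks_random(filename: str) -> bool:
    """Weak signal (assumption): Vundo's dropped DLLs have short, all-letter
    names with almost no vowels, e.g. ddcyxvs, ssqrs, cbihwpnf."""
    stem = filename.rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 5:
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) <= 0.2


def iter_findings(log_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, dll basename, reason) for every suspicious log line."""
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            if m["name"] == "(no name)" and SYSTEM32_RE.search(m["path"]):
                yield "O2", basename(m["path"]), "nameless BHO loaded from system32"
        elif m := O4_RE.match(line):
            r = RUNDLL_RE.match(m["cmd"])
            if r and SYSTEM32_RE.search(r["dll"]):
                yield "O4", basename(r["dll"]), f"autorun [{m['item']}] loads a system32 DLL via rundll32"
        elif m := O10_RE.match(line):
            yield "O10", basename(m["path"]), "Winsock LSP not recognised by HijackThis"
        elif m := O20_RE.match(line):
            dll = basename(m["path"])
            if looks_random(dll):
                yield "O20", dll, "Winlogon Notify package with a random-looking name"


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged DLL to the sections it was flagged in, in log order."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for section, dll, _reason in iter_findings(log_text):
        hits[dll].append(section)
    return dict(hits)


def strong_indicators(hits: Dict[str, List[str]]) -> List[str]:
    """DLLs flagged in more than one section or carrying a random-looking name:
    the combination that makes a helper call a log like this one Vundo."""
    return sorted(dll for dll, sections in hits.items()
                  if len(sections) > 1 or looks_random(dll))


if __name__ == "__main__":
    for section, dll, reason in iter_findings(SAMPLE_LOG):
        print(f"{section:<4} {dll:<14} {reason}")
    print("strong indicators:", ", ".join(strong_indicators(triage(SAMPLE_LOG))))
```

Running the script on the constructed sample flags ddcyxvs.dll twice (O2 BHO and O20 Winlogon Notify), which is the persistence pair a helper looks for, while the legitimate Adobe BHO, ctfmon.exe and the WPDShServiceObj shell object are left alone; the vowel-ratio check is only a tie-breaker and should never be the sole reason to delete a file.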
26.03.2007, 13:52
...new here

Thread starter

Posts: 7
#3 Thanks for the quick help....

Here are the logs:


HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 13:44:11, on 26.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
F:\WINSOWS\System32\smss.exe
F:\WINSOWS\system32\winlogon.exe
F:\WINSOWS\system32\services.exe
F:\WINSOWS\system32\lsass.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\System32\svchost.exe
F:\Programme\TGTSoft\StyleXP\StyleXPService.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
F:\WINSOWS\Explorer.EXE
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINSOWS\system32\spoolsv.exe
F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
F:\WINSOWS\system32\svchost.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\WINSOWS\system32\ctfmon.exe
F:\WINSOWS\system32\NOTEPAD.EXE
F:\Dokumente und Einstellungen\Dennis Dziadkowiak\Desktop\test.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O2 - BHO: (no name) - {28CEA1DA-2199-4AEE-BA75-9032C8450B66} - F:\WINSOWS\system32\ddcyxvs.dll

O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: (no name) - {4EFB9A78-2B36-4BF4-9F70-51EAFA65FF04} - F:\WINSOWS\system32\awvvs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C62FF4A4-E315-4B1A-8E8B-0471716F74EE} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ccApp] "F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundService] rundll32.exe "F:\WINSOWS\system32\cbihwpnf.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINSOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] F:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: T-Online.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programme\Widgets\YahooWidgetEngine.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe

O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: ddcyxvs - F:\WINSOWS\SYSTEM32\ddcyxvs.dll
O20 - Winlogon Notify: ssqrs - F:\WINSOWS\system32\ssqrs.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINSOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - F:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe



...and ComboFix:


"Dennis Dziadkowiak" - 07-03-26 13:32:11 Service Pack 2
ComboFix 07-03-23 - Running from: "F:\Dokumente und Einstellungen\Dennis Dziadkowiak\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-02-26 to 2007-03-26 ))))))))))))))))))))))))))))))))))


2007-03-26 13:03 <DIR> d-------- F:\VundoFix Backups
2007-03-25 16:01 463,968 ---hs---- F:\WINSOWS\system32\srqss.ini2
2007-03-23 18:14 446,014 ---hs---- F:\WINSOWS\system32\srqss.bak2

2007-03-23 17:00 3,426,072 --a------ F:\WINSOWS\system\d3dx9_32.dll
2007-03-22 18:15 123,972 --a------ F:\WINSOWS\system32\cbihwpnf.dll
2007-03-22 18:13 445,083 ---hs---- F:\WINSOWS\system32\srqss.bak1
2007-03-22 18:07 26,697 --a------ F:\WINSOWS\system32\ddcyxvs.dll

2007-03-21 12:15 <DIR> d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\Leadertech
2007-03-17 20:10 34,880 --a------ F:\WINSOWS\system32\GDIPFONTCACHEV1.DAT
2007-03-16 02:13 <DIR> d-------- F:\Programme\QuickLaunch
2007-03-16 01:46 <DIR> d-------- F:\Programme\Yahoo!
2007-03-15 20:14 <DIR> d-------- F:\Programme\Stardock
2007-03-12 00:08 <DIR> d-------- F:\Programme\Gemeinsame Dateien\SWF Studio
2007-03-10 19:19 <DIR> d-------- F:\Programme\DEUTSCHLAND SPIELT
2007-03-10 19:18 <DIR> d-------- F:\Programme\OXXOGames
2007-03-10 16:14 1 --a------ F:\DOKUME~1\DENNIS~1\SI.bin
2007-03-06 18:32 <DIR> d-------- F:\Programme\Alawar
2007-03-02 19:45 <DIR> d-------- F:\DOKUME~1\ALLUSE~1\ANWEND~1\Aspyr
2007-03-01 21:04 68,888 --a------ F:\WINSOWS\system32\xinput1_3.dll
2007-03-01 21:04 62,744 --a------ F:\WINSOWS\system32\xinput1_2.dll
2007-03-01 21:04 237,848 --a------ F:\WINSOWS\system32\xactengine2_4.dll
2007-03-01 21:04 236,824 --a------ F:\WINSOWS\system32\xactengine2_3.dll
2007-03-01 21:04 2,414,360 --a------ F:\WINSOWS\system32\d3dx9_31.dll
2007-03-01 21:04 15,128 --a------ F:\WINSOWS\system32\x3daudio1_1.dll
2007-02-26 21:41 <DIR> d-------- F:\Programme\Everest Poker


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-25 14:33 70580 --a------ F:\WINSOWS\system32\perfc007.dat
2007-03-25 14:33 405118 --a------ F:\WINSOWS\system32\perfh007.dat
2007-03-23 17:38 -------- d--h----- F:\Programme\installshield installation information
2007-03-16 04:33 86 --ahs---- F:\DOKUME~1\DENNIS~1\ANWEND~1\desktop.ini
2007-03-15 20:33 219648 --a------ F:\WINSOWS\system32\uxtheme.dll
2007-03-14 16:37 -------- d-------- F:\Programme\Gemeinsame Dateien\symantec shared
2007-03-14 16:31 48776 --a------ F:\WINSOWS\system32\s32evnt1.dll
2007-03-14 16:31 115000 --a------ F:\WINSOWS\system32\drivers\SYMEVENT.SYS
2007-03-14 16:31 -------- d-------- F:\Programme\symantec
2007-03-11 23:36 1386496 --a------ F:\WINSOWS\system32\msvbvm60.dll
2007-03-10 16:44 -------- d-------- F:\Programme\leechftp
2007-03-09 14:52 90 --a------ F:\DOKUME~1\DENNIS~1\ANWEND~1\wklnhst.dat
2007-03-02 15:49 -------- d-------- F:\Programme\themexp
2007-02-24 00:41 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\icqlite
2007-02-23 21:22 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\icq toolbar
2007-02-16 00:13 -------- d-------- F:\Programme\regcleaner
2007-02-15 20:52 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\getrighttogo
2007-02-12 18:22 538256 --a------ F:\WINSOWS\system32\symneti.dll
2007-02-12 18:22 31888 --a------ F:\WINSOWS\system32\drivers\symids.sys
2007-02-12 18:22 28304 --a------ F:\WINSOWS\system32\drivers\symndis.sys
2007-02-12 18:22 24720 --a------ F:\WINSOWS\system32\drivers\symredrv.sys
2007-02-12 18:22 196752 --a------ F:\WINSOWS\system32\drivers\symtdi.sys
2007-02-12 18:22 161424 --a------ F:\WINSOWS\system32\symredir.dll
2007-02-12 18:22 12944 --a------ F:\WINSOWS\system32\drivers\symdns.sys
2007-02-12 18:22 110736 --a------ F:\WINSOWS\system32\drivers\symfw.sys
2007-02-09 01:03 -------- d-------- F:\Programme\partygaming.net
2007-01-26 21:48 -------- dr-h----- F:\DOKUME~1\DENNIS~1\ANWEND~1\securom
2007-01-19 02:22 1320 --a------ F:\WINSOWS\system32\ealregsnapshot1.reg
2007-01-19 02:22 1270 --a------ F:\WINSOWS\system32\ealregsnapshot2.reg
2007-01-17 16:44 8 --a------ F:\WINSOWS\winxfigt.sys
2007-01-12 19:04 286720 --a------ F:\WINSOWS\iun506.exe
2007-01-08 20:01 17408 --a------ F:\WINSOWS\system32\corpol.dll
2007-01-01 20:14 737280 --a------ F:\WINSOWS\iun6002.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="F:\\WINSOWS\\system32\\ctfmon.exe"
"STYLEXP"="F:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"F:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"F:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundService"="rundll32.exe \"F:\\WINSOWS\\system32\\cbihwpnf.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADVCHK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKLM"
"command"="\"F:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mixer"
"hkey"="HKLM"
"command"="Mixer.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="F:\\WINSOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Core"
"hkey"="HKCU"
"command"="F:\\Programme\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipoint"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Microsoft IntelliPoint\\ipoint.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="F:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 F:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="E:\\Programme\\Valve\\Steam\\\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="F:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="F:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="autostart"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Tweak-XP Pro 4\\autostart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Save\\Save.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=dword:00000003
"TODslService"=dword:00000003
"GEARSecurity"=dword:00000002
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"NSCService"=dword:00000003


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{28CEA1DA-2199-4AEE-BA75-9032C8450B66}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPropertiesRecycleBin"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoRecentDocsMenu"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsHistory"=dword:00000000
"NoCDBurning"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyxvs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
F:\WINSOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Dennis Dziadkowiak.job
F:\WINSOWS\tasks\Norton SystemWorks One Button Checkup.job
F:\WINSOWS\tasks\Symantec Drmc.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-26 13:40:14
F:\ComboFix2.txt ... 07-03-26 01:17
27.03.2007, 11:01
Honorary member
Sabina

Posts: 29434
#4 Kaoz77

«
set up CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

«
Copy out these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
27.03.2007, 21:26
...new here

Thread starter

Posts: 7
#5 Here are the logs:

system32:

27.03.2007 21:21 599.990 lmllm.ini2
27.03.2007 21:16 1.710.672 fnpwhibc.ini
27.03.2007 21:13 2.206 wpa.dbl
27.03.2007 21:11 599.581 lmllm.ini
27.03.2007 20:56 26.730 xxywuvs.dll
27.03.2007 15:04 48.708 tqyvxxuf.dll
27.03.2007 15:04 606.786 lmllm.bak1
26.03.2007 21:30 446.411 lmllm.tmp
26.03.2007 15:03 280.676 mllml.dll
26.03.2007 01:09 463.968 srqss.ini2

25.03.2007 14:33 392.296 perfh009.dat
25.03.2007 14:33 58.596 perfc009.dat
25.03.2007 14:33 405.118 perfh007.dat
25.03.2007 14:33 70.580 perfc007.dat
25.03.2007 14:33 938.224 PerfStringBackup.INI
25.03.2007 14:33 446.014 srqss.bak2
24.03.2007 21:38 143 mcrh.tmp
23.03.2007 15:30 445.714 srqss.ini
22.03.2007 19:01 445.714 srqss.tmp
22.03.2007 18:15 123.972 cbihwpnf.dll
22.03.2007 18:13 445.083 srqss.bak1
22.03.2007 18:07 26.697 ddcyxvs.dll

17.03.2007 20:10 34.880 GDIPFONTCACHEV1.DAT
17.03.2007 20:09 160.344 FNTCACHE.DAT
16.03.2007 04:33 45 desktop.ini
15.03.2007 20:33 219.648 uxtheme.dll
14.03.2007 16:31 48.776 S32EVNT1.DLL
11.03.2007 23:36 1.386.496 msvbvm60.dll
07.03.2007 22:36 12.619.736 MRT.exe
16.02.2007 13:24 122.142 TZLog.log
12.02.2007 18:22 538.256 SymNeti.dll
12.02.2007 18:22 161.424 SymRedir.dll
29.01.2007 10:58 60.416 tzchange.exe
23.01.2007 21:30 546.304 hhctrl.ocx
19.01.2007 02:22 1.320 ealregsnapshot1.reg
19.01.2007 02:22 1.270 ealregsnapshot2.reg
13.01.2007 14:54 185.952 rmoc3260.dll


systemtemp:

Datenträger in Laufwerk F: ist RECOVER
Volumeseriennummer: 206B-ECB6

Verzeichnis von F:\DOKUME~1\DENNIS~1\LOKALE~1\Temp

system:

27.03.2007 21:17 1.283.824 WindowsUpdate.log
27.03.2007 21:15 0 0.log
27.03.2007 21:15 159 wiadebug.log
27.03.2007 21:14 50 wiaservc.log
27.03.2007 21:13 2.048 bootstat.dat
27.03.2007 21:12 32.546 SchedLgU.Txt
25.03.2007 03:46 185.412 setupact.log
21.03.2007 21:16 77.761 wmsetup.log
21.03.2007 14:17 766 win.ini
16.03.2007 17:10 116 NeroDigital.ini
16.03.2007 04:33 45 desktop.ini
16.03.2007 03:51 616.553 setupapi.log
16.03.2007 03:22 227 system.ini
15.03.2007 14:27 713.709 iis6.log
15.03.2007 14:27 221.024 comsetup.log
15.03.2007 14:27 133.083 ntdtcsetup.log
15.03.2007 14:27 294.776 tsoc.log
15.03.2007 14:27 1.374 imsins.log
15.03.2007 14:27 32.508 tabletoc.log
15.03.2007 14:27 35.270 ocmsn.log
15.03.2007 14:27 23.832 KB929338.log
15.03.2007 14:27 111.534 netfxocm.log
15.03.2007 14:27 312.142 ocgen.log
15.03.2007 14:27 46.277 MedCtrOC.log
15.03.2007 14:27 31.870 msgsocm.log
15.03.2007 14:27 625.425 FaxSetup.log
15.03.2007 14:27 197.750 msmqinst.log
14.03.2007 21:57 1.374 imsins.BAK
14.03.2007 21:57 13.584 KB929399.log
10.03.2007 17:11 32 autostart.INI
02.03.2007 19:33 391.821 DirectX.log
02.03.2007 17:48 161.274 M6-Schnitzer-Tension_fs1.jpg
16.02.2007 14:15 478 setuplog.txt
16.02.2007 13:25 28.318 KB927779.log
17.01.2007 17:54 528 egirllic15
17.01.2007 16:44 8 winxfigt.sys
17.01.2007 15:50 121.322 ntbtlog.txt
13.01.2007 16:40 4.161 ODBCINST.INI
12.01.2007 19:04 286.720 iun506.exe
08.01.2007 15:56 84.643 spupdsvc.log
27.12.2006 20:30 1.847 DXError.log

tmp:

27.03.2007 21:14 16.384 Perflib_Perfdata_18c.dat
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 608.403.456 Bytes frei

down:
09.11.2006 15:36 5.019 swflash.inf
05.10.2006 22:59 65 desktop.ini
10.04.2000 18:12 1.765 fhg.inf
3 Datei(en) 6.849 Bytes
0 Verzeichnis(se), 608.403.456 Bytes frei


sys:

27.03.2007 21:22 0 sys.txt
27.03.2007 21:22 384 down.txt
27.03.2007 21:22 283 tmp.txt
27.03.2007 21:22 11.727 system.txt
27.03.2007 21:21 130 systemtemp.txt
27.03.2007 21:21 104.564 system32.txt
01.01.2007 20:18 805.306.368 pagefile.sys
09.02.2002 17:05 276 boot.ini
25.01.2002 07:57 0 desktop.ini
9 Datei(en) 805.423.732 Bytes
0 Verzeichnis(se), 608.403.456 Bytes frei
27.03.2007, 21:58
Honorary member
Sabina

Posts: 29434
#6 Kaoz77

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick the box)
copy into: View/edit script

Quote

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks|{28CEA1DA-2199-4AEE-BA75-9032C8450B66}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SoundService

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EFB9A78-2B36-4BF4-9F70-51EAFA65FF04}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CEA1DA-2199-4AEE-BA75-9032C8450B66}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C62FF4A4-E315-4B1A-8E8B-0471716F74EE}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}
HKLM\SOFTWARE\Classes\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}
HKLM\SOFTWARE\Classes\CLSID\{C62FF4A4-E315-4B1A-8E8B-0471716F74EE}
HKLM\SOFTWARE\Classes\CLSID\{28CEA1DA-2199-4AEE-BA75-9032C8450B66}
HKLM\SOFTWARE\Classes\CLSID\{4EFB9A78-2B36-4BF4-9F70-51EAFA65FF04}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyxvs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllml

Files to delete:
F:\WINSOWS\system32\lmllm.ini2
F:\WINSOWS\system32\fnpwhibc.ini
F:\WINSOWS\system32\lmllm.ini
F:\WINSOWS\system32\xxywuvs.dll
F:\WINSOWS\system32\tqyvxxuf.dll
F:\WINSOWS\system32\lmllm.bak1
F:\WINSOWS\system32\lmllm.tmp
F:\WINSOWS\system32\mllml.dll
F:\WINSOWS\system32\srqss.ini2
F:\WINSOWS\system32\srqss.bak2
F:\WINSOWS\system32\mcrh.tmp
F:\WINSOWS\system32\srqss.ini
F:\WINSOWS\system32\srqss.tmp
F:\WINSOWS\system32\cbihwpnf.dll
F:\WINSOWS\system32\srqss.bak1
F:\WINSOWS\system32\ddcyxvs.dll

Folders to delete:
F:\Programme\PartyGaming.Net
F:\Programme\Everest Poker
F:\Programme\themexp

Click the green traffic light
the script will now be executed, then the PC will restart automatically

»»
post the 6 logs from datfindbat again
__________
Regards, Sabina

all about PC security
28.03.2007, 17:30
...new here

Thread starter

Posts: 7
#7 Thanks for the quick help...

Here are the logs:

system32 log:

Datenträger in Laufwerk F: ist RECOVER
Volumeseriennummer: 206B-ECB6

Verzeichnis von F:\WINSOWS\system32

28.03.2007 15:04 472.141 lmllm.bak2
27.03.2007 21:13 2.206 wpa.dbl
25.03.2007 14:33 392.296 perfh009.dat
25.03.2007 14:33 58.596 perfc009.dat
25.03.2007 14:33 405.118 perfh007.dat
25.03.2007 14:33 70.580 perfc007.dat
25.03.2007 14:33 938.224 PerfStringBackup.INI
17.03.2007 20:10 34.880 GDIPFONTCACHEV1.DAT
17.03.2007 20:09 160.344 FNTCACHE.DAT
16.03.2007 04:33 45 desktop.ini
15.03.2007 20:33 219.648 uxtheme.dll
14.03.2007 16:31 48.776 S32EVNT1.DLL
11.03.2007 23:36 1.386.496 msvbvm60.dll
07.03.2007 22:36 12.619.736 MRT.exe
16.02.2007 13:24 122.142 TZLog.log
12.02.2007 18:22 538.256 SymNeti.dll
12.02.2007 18:22 161.424 SymRedir.dll
29.01.2007 10:58 60.416 tzchange.exe
23.01.2007 21:30 546.304 hhctrl.ocx
19.01.2007 02:22 1.320 ealregsnapshot1.reg
19.01.2007 02:22 1.270 ealregsnapshot2.reg
13.01.2007 14:54 185.952 rmoc3260.dll
13.01.2007 14:53 5.632 pndx5032.dll
13.01.2007 14:53 6.656 pndx5016.dll
13.01.2007 14:53 278.528 pncrt.dll
12.01.2007 10:27 477.696 mshtmled.dll
12.01.2007 10:27 458.752 msfeeds.dll
12.01.2007 10:27 3.580.416 mshtml.dll
12.01.2007 10:27 232.960 webcheck.dll
12.01.2007 10:27 27.136 jsproxy.dll
12.01.2007 10:27 51.712 msfeedsbs.dll
12.01.2007 10:27 132.608 extmgr.dll
12.01.2007 10:27 670.720 mstime.dll
12.01.2007 10:27 822.784 wininet.dll
12.01.2007 10:27 6.054.400 ieframe.dll
12.01.2007 10:27 1.149.952 urlmon.dll
10.01.2007 18:42 1.040.384 ieframe.dll.mui
08.01.2007 20:04 105.984 url.dll
08.01.2007 20:04 102.400 occache.dll
08.01.2007 20:03 193.024 msrating.dll
08.01.2007 20:02 1.823.744 inetcpl.cpl
08.01.2007 20:02 266.752 iertutil.dll
08.01.2007 20:02 44.544 iernonce.dll
08.01.2007 20:02 161.792 ieakui.dll
08.01.2007 20:02 384.000 iedkcs32.dll
08.01.2007 20:02 230.400 ieaksie.dll
08.01.2007 20:02 383.488 ieapfltr.dll
08.01.2007 20:02 153.088 ieakeng.dll
08.01.2007 20:01 17.408 corpol.dll
08.01.2007 20:00 124.928 advpack.dll
08.01.2007 19:08 56.832 ie4uinit.exe
08.01.2007 19:08 13.824 ieudinit.exe
19.12.2006 23:49 135.168 shsvcs.dll
19.12.2006 23:49 8.494.592 shell32.dll
19.12.2006 20:21 2.182.656 ntoskrnl.exe
19.12.2006 20:21 2.059.904 ntkrnlpa.exe
19.12.2006 20:17 334.336 wiaservc.dll
04.12.2006 16:21 414.720 msscp.dll
02.12.2006 14:45 16.832 amcompat.tlb
02.12.2006 14:45 23.392 nscompat.tlb
.........................................................................................................

systemtemp:

Datenträger in Laufwerk F: ist RECOVER
Volumeseriennummer: 206B-ECB6

Verzeichnis von F:\DOKUME~1\DENNIS~1\LOKALE~1\Temp

28.03.2007 11:38 416 java_install_reg.log
28.03.2007 00:14 58.768 Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND
28.03.2007 00:14 58.284 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION
28.03.2007 00:14 46.956 WaterSurface.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
28.03.2007 00:14 46.000 Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
28.03.2007 00:14 53.856 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
28.03.2007 00:14 56.496 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_SPECULAR
28.03.2007 00:14 52.928 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL
28.03.2007 00:14 56.612 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_ILLUMINATION
28.03.2007 00:14 25.688 Mirror.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
28.03.2007 00:14 34.360 Standard13.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
28.03.2007 00:14 41.132 Standard20.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
28.03.2007 00:14 51.180 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_REFLECTION
28.03.2007 00:14 25.500 Mirror.fxV2_Q20_MESH_STANDARD_MIRROR
28.03.2007 00:14 34.360 Standard13.fxV2_Q20_MESH_STANDARD_MIRROR
28.03.2007 00:14 41.132 Standard20.fxV2_Q20_MESH_STANDARD_MIRROR
28.03.2007 00:14 61.736 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_REFLECTION
28.03.2007 00:14 57.080 Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION_ILLUMINATION
28.03.2007 00:14 54.192 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
28.03.2007 00:14 50.888 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR
28.03.2007 00:14 47.172 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE
28.03.2007 00:14 23.336 Glow20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE
28.03.2007 00:14 44.184 Standard20.fxV2_Q20_MESH_STANDARD_BUMP
28.03.2007 00:14 51.488 Standard20.fxV2_Q20_MESH_RIGID_BUMP_PARALLAX_SPECULAR
28.03.2007 00:14 23.828 Glow20.fxV2_Q20_MESH_RIGID
28.03.2007 00:14 58.272 Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
28.03.2007 00:14 39.016 Glass.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
28.03.2007 00:14 49.708 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP
28.03.2007 00:14 56.412 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR
28.03.2007 00:14 55.212 Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION
28.03.2007 00:14 50.124 Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP
28.03.2007 00:14 52.016 Standard20.fxV2_Q20_MESH_RIGID_SPECULAR_REFLECTION
28.03.2007 00:14 47.080 Standard20.fxV2_Q20_MESH_RIGID_BLEND
28.03.2007 00:14 26.480 Glow20.fxV2_Q20_MESH_RIGID_BLEND
28.03.2007 00:14 50.808 Standard20.fxV2_Q20_MESH_RIGID_BLEND_SPECULAR
28.03.2007 00:14 53.772 Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP_SPECULAR
28.03.2007 00:14 70.832 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR_REFLECTION
28.03.2007 00:14 34.392 Cloth20.fxV2_Q20_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
28.03.2007 00:13 64.424 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
28.03.2007 00:13 41.300 Skin20.fxV2_Q20_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
28.03.2007 00:13 47.668 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:13 33.088 Cloth20.fxV2_Q20_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:13 41.516 Standard20.fxV2_Q20_MESH_RIGID
28.03.2007 00:13 60.188 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION
28.03.2007 00:13 61.224 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR
28.03.2007 00:13 53.396 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_REFLECTION
28.03.2007 00:13 29.256 Glow20.fxV2_Q20_MESH_STANDARD_BLEND_REFLECTION
28.03.2007 00:13 47.896 Standard20.fxV2_Q20_MESH_STANDARD_REFLECTION
28.03.2007 00:13 27.796 Glow20.fxV2_Q20_MESH_STANDARD_REFLECTION
28.03.2007 00:09 29.384 StaticShadow.fxV2_Q20_MESH_STANDARD
28.03.2007 00:09 46.772 Standard20.fxV2_Q20_MESH_STANDARD_ILLUMINATION
28.03.2007 00:09 47.492 Standard20.fxV2_Q20_MESH_TWEENED_BLEND
28.03.2007 00:09 22.868 Glow20.fxV2_Q20_MESH_TWEENED_BLEND
28.03.2007 00:09 50.316 Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_ILLUMINATION
28.03.2007 00:09 52.344 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ILLUMINATION
28.03.2007 00:09 58.904 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION
28.03.2007 00:09 56.940 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_REFLECTION
28.03.2007 00:09 53.192 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR
28.03.2007 00:09 26.996 ScatterBillboard.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 50.176 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR
28.03.2007 00:09 50.972 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR
28.03.2007 00:09 54.664 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION
28.03.2007 00:09 25.352 Bad.fxV2_Q20_MESH_STANDARD_ZBUFFERWRITE
28.03.2007 00:09 47.668 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR
28.03.2007 00:09 44.676 Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR
28.03.2007 00:09 66.992 Standard20.fxV2_Q20_MESH_WEIGHTED_REFLECTION_REFRACTION2D
28.03.2007 00:09 35.328 Glass.fxV2_Q20_MESH_WEIGHTED_REFLECTION_REFRACTION2D
28.03.2007 00:09 32.032 Cloth20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 65.460 Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 40.168 Skin20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 31.728 Cloth20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 61.224 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 38.636 Skin20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 65.460 Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_SPECULAR
28.03.2007 00:09 61.224 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
28.03.2007 00:09 38.636 Skin20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
28.03.2007 00:09 44.536 Standard20.fxV2_Q20_MESH_RIGID_BUMP
28.03.2007 00:09 45.220 Standard20.fxV2_Q20_MESH_RIGID_SPECULAR
28.03.2007 00:09 48.184 Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR
28.03.2007 00:09 56.244 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION_SCROLL
28.03.2007 00:09 60.304 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_ILLUMINATION
28.03.2007 00:09 51.440 Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION
28.03.2007 00:09 47.468 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
28.03.2007 00:09 23.460 Glow20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
28.03.2007 00:09 46.932 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SCROLL
28.03.2007 00:09 22.824 Glow20.fxV2_Q20_MESH_STANDARD_BLEND_SCROLL
28.03.2007 00:09 46.632 Standard20.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 22.696 Glow20.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 41.132 Standard20.fxV2_Q20_MESH_STANDARD
28.03.2007 00:09 21.236 Glow20.fxV2_Q20_MESH_STANDARD
28.03.2007 00:09 29.852 StaticShadowTextureShadow.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 32.076 StaticShadow.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 33.808 Sprite.fxV2_Q20_SPRITES
28.03.2007 00:07 232 _isdelet.ini
14.11.2005 03:24 121.064 set2.tmp
95 Datei(en) 4.300.392 Bytes
0 Verzeichnis(se), 617.074.688 Bytes frei
.........................................................................................................

system:

Datenträger in Laufwerk F: ist RECOVER
Volumeseriennummer: 206B-ECB6

Verzeichnis von F:\WINSOWS

28.03.2007 17:24 1.303.500 WindowsUpdate.log
28.03.2007 17:16 0 0.log
28.03.2007 17:16 157 wiadebug.log
28.03.2007 17:16 50 wiaservc.log
28.03.2007 17:16 2.048 bootstat.dat
28.03.2007 17:15 32.546 SchedLgU.Txt
25.03.2007 03:46 185.412 setupact.log
21.03.2007 21:16 77.761 wmsetup.log
21.03.2007 14:17 766 win.ini
16.03.2007 17:10 116 NeroDigital.ini
16.03.2007 04:33 45 desktop.ini
16.03.2007 03:51 616.553 setupapi.log
16.03.2007 03:22 227 system.ini
15.03.2007 14:27 713.709 iis6.log
15.03.2007 14:27 221.024 comsetup.log
15.03.2007 14:27 133.083 ntdtcsetup.log
15.03.2007 14:27 294.776 tsoc.log
15.03.2007 14:27 1.374 imsins.log
15.03.2007 14:27 32.508 tabletoc.log
15.03.2007 14:27 35.270 ocmsn.log
15.03.2007 14:27 23.832 KB929338.log
15.03.2007 14:27 111.534 netfxocm.log
15.03.2007 14:27 312.142 ocgen.log
15.03.2007 14:27 46.277 MedCtrOC.log
15.03.2007 14:27 31.870 msgsocm.log
15.03.2007 14:27 625.425 FaxSetup.log
15.03.2007 14:27 197.750 msmqinst.log
14.03.2007 21:57 1.374 imsins.BAK
14.03.2007 21:57 13.584 KB929399.log
10.03.2007 17:11 32 autostart.INI
02.03.2007 19:33 391.821 DirectX.log
02.03.2007 17:48 161.274 M6-Schnitzer-Tension_fs1.jpg
16.02.2007 14:15 478 setuplog.txt
16.02.2007 13:25 28.318 KB927779.log
16.02.2007 13:25 59.309 updspapi.log
16.02.2007 13:25 25.305 KB927802.log
16.02.2007 13:25 25.100 KB928255.log
16.02.2007 13:24 21.492 KB924667.log
16.02.2007 13:24 33.925 KB931836.log
16.02.2007 13:24 23.432 KB926436.log
16.02.2007 13:24 14.970 KB928090-IE7.log
16.02.2007 13:23 20.742 KB918118.log
16.02.2007 13:22 20.266 KB928843.log
24.01.2007 23:22 447 EAGRAPH.INI
17.01.2007 23:42 4.405 KB929969.log
17.01.2007 17:54 528 egirllic15
17.01.2007 16:44 8 winxfigt.sys
17.01.2007 15:50 121.322 ntbtlog.txt
13.01.2007 16:40 4.161 ODBCINST.INI
12.01.2007 19:04 286.720 iun506.exe
08.01.2007 15:56 84.643 spupdsvc.log
08.01.2007 15:54 18.258 ie7_main.log
08.01.2007 15:53 58.167 ie7.log
08.01.2007 15:51 7.737 IDNMitigationAPIs.log
08.01.2007 15:50 7.393 NLSDownlevelMapping.log
08.01.2007 15:50 5.335 KB915865.log
01.01.2007 20:14 737.280 iun6002.exe
27.12.2006 20:30 1.847 DXError.log
25.12.2006 23:56 10 WININIT.INI
18.12.2006 04:02 36.208 KB925454.log
18.12.2006 04:02 27.332 KB925398.log
18.12.2006 04:01 28.927 KB926255.log
18.12.2006 04:01 29.063 KB923694.log
18.12.2006 01:21 0 vpd.properties
02.12.2006 00:17 2.617 wmsetup10.log
02.12.2006 00:17 8.975 KB926239.log
02.12.2006 00:16 6.889 MSCompPackV1.log
02.12.2006 00:16 20.135 wmp11.log
02.12.2006 00:15 29.163 WMFDist11.log
02.12.2006 00:15 316.640 WMSysPr9.prx
02.12.2006 00:14 14.180 Wudf01000Inst.log
.........................................................................................................

tmp:

Datenträger in Laufwerk F: ist RECOVER
Volumeseriennummer: 206B-ECB6

Verzeichnis von F:\WINSOWS\Temp

28.03.2007 17:16 16.384 Perflib_Perfdata_7ec.dat
27.03.2007 21:14 16.384 Perflib_Perfdata_18c.dat
2 Datei(en) 32.768 Bytes
0 Verzeichnis(se), 617.078.784 Bytes frei
.........................................................................................................

down:

Datenträger in Laufwerk F: ist RECOVER
Volumeseriennummer: 206B-ECB6

Verzeichnis von F:\WINSOWS\Downloaded Program Files

09.11.2006 15:36 5.019 swflash.inf
05.10.2006 22:59 65 desktop.ini
10.04.2000 18:12 1.765 fhg.inf
3 Datei(en) 6.849 Bytes
0 Verzeichnis(se), 617.078.784 Bytes frei
.........................................................................................................

und... sys:

Datenträger in Laufwerk F: ist RECOVER
Volumeseriennummer: 206B-ECB6

Verzeichnis von F:\

28.03.2007 17:33 0 sys.txt
28.03.2007 17:33 384 down.txt
28.03.2007 17:33 345 tmp.txt
28.03.2007 17:33 11.727 system.txt
28.03.2007 17:33 8.646 systemtemp.txt
28.03.2007 17:33 103.843 system32.txt
28.03.2007 17:16 9.488 avenger.txt
01.01.2007 20:18 805.306.368 pagefile.sys
09.02.2002 17:05 276 boot.ini
25.01.2002 07:57 0 desktop.ini
10 Datei(en) 805.441.077 Bytes
0 Verzeichnis(se), 617.078.784 Bytes frei
This post was edited on 28.03.2007 at 17:36 by Kaoz77.
29.03.2007, 11:49
Honorary member
Sabina

Posts: 29434
#8 ««
Avenger

Quote

Files to delete:
F:\WINSOWS\system32\lmllm.bak2
»»
scan and post the scan report
http://virus-protect.org/counterspy1.html
__________
Regards, Sabina

all about PC security
24.05.2007, 10:09
...new here

Posts: 1
#9 Hello!

I had (have) the same problem as described above.
I have already run vundofix and cleanup...

Here are the log files:

Quote

Combofix:

"Roy" - 2007-05-24 9:54:24 Service Pack 2
ComboFix 07-05.24.4.V - Running from: "C:\Dokumente und Einstellungen\Roy\Eigene Dateien\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\packet.dll"
"C:\WINDOWS\system32\pthreadVC.dll"
"C:\WINDOWS\system32\WanPacket.dll"
"C:\WINDOWS\system32\wpcap.dll"
"C:\WINDOWS\setup.exe"
"C:\WINDOWS\system32\drivers\npf.sys"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\NPF


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


2007-05-24 09:45 <DIR> d-------- C:\avenger
2007-05-24 09:26 <DIR> d-------- C:\VundoFix Backups
2007-05-18 14:14 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-05-18 14:14 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-05-18 14:14 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-17 21:28 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-05-17 21:21 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-05-17 21:21 <DIR> d-------- C:\Programme\Microsoft.NET
2007-05-17 21:21 <DIR> d-------- C:\Programme\Gemeinsame Dateien\ODBC
2007-05-17 14:17 <DIR> d-------- C:\Acernb
2007-05-17 14:15 <DIR> d-------- C:\Programme\SMSC
2007-05-17 13:01 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-05-17 13:01 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-05-17 12:54 <DIR> d-------- C:\DOKUME~1\Roy\ANWEND~1\Nokia Multimedia Player
2007-05-17 12:23 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-05-17 12:23 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-05-17 12:23 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
2007-05-17 11:46 <DIR> d-------- C:\DOKUME~1\Roy\Phone Browser
2007-05-17 11:46 <DIR> d-------- C:\DOKUME~1\Roy\ANWEND~1\Nokia
2007-05-17 11:46 <DIR> d-------- C:\DOKUME~1\Roy\ANWEND~1\DataLayer
2007-05-17 11:45 <DIR> d-------- C:\DOKUME~1\Roy\ANWEND~1\PC Suite
2007-05-17 11:44 <DIR> d-------- C:\Programme\Nokia
2007-05-17 11:44 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2007-05-17 11:44 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2007-05-16 20:26 <DIR> d-------- C:\Programme\AVPersonal
2007-05-16 20:23 <DIR> d-------- C:\DOKUME~1\Roy\ANWEND~1\CDZilla
2007-05-16 19:29 <DIR> d-------- C:\Temp
2007-05-15 17:22 <DIR> d-------- C:\DOKUME~1\Roy\ANWEND~1\CyberLink
2007-05-15 17:21 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\CyberLink
2007-05-14 19:18 <DIR> d-------- C:\Programme\Nero
2007-05-14 19:18 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-05-14 19:18 <DIR> d-------- C:\DOKUME~1\Roy\ANWEND~1\Ahead
2007-05-14 19:18 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Nero
2007-05-04 20:23 <DIR> d-------- C:\DOKUME~1\Roy\ANWEND~1\Skype
2007-05-04 20:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2007-05-04 20:22 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype
2007-04-25 18:13 <DIR> d--hs---- C:\FOUND.001


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-24 07:44:18 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-05-17 19:34:48 77,288 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-17 19:34:48 421,050 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-04-19 04:56:12 -------- d-----w C:\DOKUME~1\Roy\ANWEND~1\Google
2007-04-18 18:05:44 -------- d-----w C:\Programme\Google
2007-04-18 18:05:40 -------- d-----w C:\Programme\Skype
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-28 23:30:12 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-28 20:40:54 -------- d-----w C:\Programme\EA SPORTS
2007-03-24 17:30:32 -------- d-----w C:\Programme\EA GAMES
2007-03-24 17:28:44 -------- d-----w C:\Programme\DAEMON Tools
2007-03-24 17:23:26 96,256 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
2007-03-24 17:23:26 611,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-22 19:20:42 -------- d--h--w C:\Programme\WindowsUpdate
2007-03-22 19:18:22 -------- d-----w C:\Programme\Huawei technologies
2007-03-21 23:20:48 -------- d-----w C:\Programme\Windows Media Connect 2
2007-03-21 22:54:26 -------- d-----w C:\Programme\WinPCap
2007-03-21 22:54:16 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-03-21 22:38:08 -------- d-----w C:\Programme\Launch Manager
2007-03-21 22:23:50 1,219 ----a-w C:\WINDOWS\HotFix.bat
2007-03-21 21:33:26 -------- d-----w C:\Programme\WIDCOMM
2007-03-21 21:32:06 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-03-17 13:44:26 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-14 17:27:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-03-14 17:20:38 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-14 17:20:36 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-14 17:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-03-14 17:19:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-12 11:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-28 18:53:50 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
2007-02-05 20:18:44 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{E2C4C341-2701-4E54-9DFB-90F69743D0B2}=C:\WINDOWS\system32\pmkjh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:58 C:\WINDOWS\system32\bthprops.cpl]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]
"GraviSense"="C:\Acer\GraviSense\GraviSense.exe" [2006-03-14 11:33]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"LogitechCameraAssistant"="C:\Programme\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00]
"LogitechVideo[inspector]"="C:\Programme\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22]
"SetIcon"="\Program Files\SMSC\Seticon.exe" []
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"voip phone charger"="C:\Programme\Acer\VoIP Phone Charger\voip phone charger.exe" [2006-01-10 17:46]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-09-26 17:29]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09]
"YASU"="C:\WINDOWS\YASU.exe" [2006-11-17 01:01]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"DataLayer"="C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 14:45]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 17:57]
"AGRSMMSG"="AGRSMMSG.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"PcSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 15:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f397528-dae6-11db-aad8-0018deab72dd}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fae3ad6-d8b2-11db-aacc-0018deab72dd}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fae3ad7-d8b2-11db-aacc-0018deab72dd}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bc572f0-e098-11db-aae3-0018deab72dd}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bc572f1-e098-11db-aae3-0018deab72dd}]
AutoRun\command- M:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad4c8a7c-dc90-11db-aadb-0018deab72dd}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad4c8a7d-dc90-11db-aadb-0018deab72dd}]
AutoRun\command- G:\AutoRun.exe


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 09:56:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-05-24 9:57:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-24 09:57

--- E O F ---

Quote

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:02:54, on 24.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\GraviSense\GraviSense.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Acer\VoIP Phone Charger\voip phone charger.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\YASU.exe
C:\Programme\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Acer\Acer VCM\AcerVCM.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\DOKUME~1\Roy\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Dokumente und Einstellungen\Roy\Eigene Dateien\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E2C4C341-2701-4E54-9DFB-90F69743D0B2} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [voip phone charger] "C:\Programme\Acer\VoIP Phone Charger\voip phone charger.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [YASU] C:\WINDOWS\YASU.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B89CFB4-35DC-4763-8582-4028A2F9D30F}: NameServer = 213.94.78.16 213.94.78.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B89CFB4-35DC-4763-8582-4028A2F9D30F}: NameServer = 213.94.78.16 213.94.78.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

Quote

system32.txt:

24.05.2007 09:56 1.158 wpa.dbl
24.05.2007 09:43 4.062 bufojylp.txt
18.05.2007 13:31 261.432 FNTCACHE.DAT
17.05.2007 21:34 64.194 perfc009.dat
17.05.2007 21:34 405.644 perfh009.dat
17.05.2007 21:34 421.050 perfh007.dat
17.05.2007 21:34 77.288 perfc007.dat
17.05.2007 21:34 973.416 PerfStringBackup.INI
17.05.2007 21:21 45 mapisvc.inf
27.04.2007 13:45 14.970.328 MRT.exe
18.04.2007 18:13 2.854.400 msi.dll
16.04.2007 22:47 33.624 wups.dll
16.04.2007 22:47 30.040 wuapi.dll.mui
16.04.2007 22:47 30.040 wuaucpl.cpl.mui
16.04.2007 22:45 1.710.936 wuaueng.dll
16.04.2007 22:45 549.720 wuapi.dll
16.04.2007 22:45 325.976 wucltui.dll
16.04.2007 22:45 216.408 wuaucpl.cpl
16.04.2007 22:45 203.096 wuweb.dll
16.04.2007 22:45 92.504 cdm.dll
16.04.2007 22:45 43.352 wups2.dll
16.04.2007 22:45 20.824 wuaueng.dll.mui
16.04.2007 22:45 53.080 wuauclt.exe
16.04.2007 22:44 34.136 wucltui.dll.mui
03.04.2007 16:28 383.488 ieapfltr.dll
03.04.2007 06:36 2.453.952 ieapfltr.dat
02.04.2007 14:21 428.032 swreg.exe
02.04.2007 07:58 546.304 hhctrl.ocx
22.03.2007 05:48 102.400 SampleGrabber.ax
22.03.2007 03:21 100 LuResult.txt
22.03.2007 01:42 122.142 TZLog.log
22.03.2007 01:20 16.832 amcompat.tlb
22.03.2007 01:20 23.392 nscompat.tlb
22.03.2007 00:54 308 results.txt
21.03.2007 23:29 789 $winnt$.inf
21.03.2007 23:25 3.243 lvcoinst.log
17.03.2007 15:44 293.376 winsrv.dll
14.03.2007 19:19 95.864 NeroCo.dll
09.03.2007 12:24 123.392 xpsp3res.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:32 1.843.712 win32k.sys
07.03.2007 19:40 822.784 wininet.dll
07.03.2007 19:40 1.150.464 urlmon.dll
07.03.2007 19:40 232.960 webcheck.dll
07.03.2007 19:40 477.696 mshtmled.dll
07.03.2007 19:40 193.024 msrating.dll
07.03.2007 19:40 670.720 mstime.dll
07.03.2007 19:40 102.400 occache.dll
07.03.2007 19:40 105.984 url.dll
07.03.2007 19:40 3.581.952 mshtml.dll
07.03.2007 19:40 266.752 iertutil.dll
07.03.2007 19:40 44.544 iernonce.dll
07.03.2007 19:40 1.823.744 inetcpl.cpl
07.03.2007 19:40 27.136 jsproxy.dll
07.03.2007 19:40 51.712 msfeedsbs.dll
07.03.2007 19:40 458.752 msfeeds.dll
07.03.2007 19:40 6.054.400 ieframe.dll
07.03.2007 19:40 124.928 advpack.dll
07.03.2007 19:40 153.088 ieakeng.dll
07.03.2007 19:40 384.000 iedkcs32.dll
07.03.2007 19:40 132.608 extmgr.dll
07.03.2007 19:40 230.400 ieaksie.dll
07.03.2007 10:27 56.832 ie4uinit.exe
28.02.2007 18:06 2.019.840 ntkrnlpa.exe
28.02.2007 18:06 2.140.160 ntoskrnl.exe
27.02.2007 10:20 13.824 ieudinit.exe

Quote

systemtemp.txt:

24.05.2007 10:02 16.384 ~DFF4C3.tmp
24.05.2007 09:57 16.384 Perflib_Perfdata_1050.dat
24.05.2007 09:57 16.384 Perflib_Perfdata_1108.dat
24.05.2007 09:56 16.384 Perflib_Perfdata_eb0.dat
24.05.2007 09:56 0 JETC17B.tmp
24.05.2007 09:45 500.224 RtkBtMnt.exe

Quote

system.txt:

24.05.2007 09:57 7.688 ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
24.05.2007 09:56 159 wiadebug.log
24.05.2007 09:56 0 0.log
24.05.2007 09:56 2.048 bootstat.dat
24.05.2007 09:46 1.654 E220AutoRunLog.tmp
24.05.2007 09:44 1.803.874 WindowsUpdate.log
24.05.2007 09:44 50 wiaservc.log
24.05.2007 09:44 32.658 SchedLgU.Txt
24.05.2007 09:44 12 bthservsdp.dat
23.05.2007 17:04 6.970 KB927891.log
23.05.2007 17:04 34.677 ocmsn.log
23.05.2007 17:04 1.374 imsins.log
23.05.2007 17:04 722.823 iis6.log
23.05.2007 17:04 31.150 tabletoc.log
23.05.2007 17:04 215.799 comsetup.log
23.05.2007 17:04 288.163 tsoc.log
23.05.2007 17:04 130.240 ntdtcsetup.log
23.05.2007 17:04 43.080 MedCtrOC.log
23.05.2007 17:04 641.768 FaxSetup.log
23.05.2007 17:04 306.328 ocgen.log
23.05.2007 17:04 107.836 netfxocm.log
23.05.2007 17:04 31.103 msgsocm.log
23.05.2007 17:04 197.634 msmqinst.log
23.05.2007 17:03 59.413 updspapi.log
23.05.2007 16:44 9.680 ModemLog_Nokia 6280 USB #2.txt
23.05.2007 16:38 3.858 ModemLog_Agere Systems HDA Modem.txt
23.05.2007 16:38 131.264 setupapi.log
22.05.2007 19:37 87.040 catchme.exe
20.05.2007 22:09 69 NeroDigital.ini
17.05.2007 22:13 10.484 ModemLog_Nokia 6280 USB.txt
17.05.2007 21:29 400 ODBC.INI
17.05.2007 21:28 681 win.ini
17.05.2007 15:10 6.153 KB885855.log
17.05.2007 14:51 2.039 MSI30-KB884016.log
17.05.2007 14:18 222.868 setupact.log
17.05.2007 14:18 79 QtZgAcer.UNI
16.05.2007 20:43 10.102 ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
14.05.2007 19:18 42.600 wmsetup.log
14.05.2007 19:17 26.673 DirectX.log
13.05.2007 21:34 11.116 ModemLog_HUAWEI Mobile Connect - 3G Modem #4.txt
10.05.2007 09:58 1.374 imsins.BAK
10.05.2007 09:58 17.866 KB931768-IE7.log
10.05.2007 09:50 5.957 KB930916.log
02.05.2007 21:25 11.110 ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
10.04.2007 19:58 19.073 KB931784.log
10.04.2007 19:58 12.427 KB931261.log
10.04.2007 19:58 12.737 KB930178.log
10.04.2007 19:58 12.478 KB932168.log
10.04.2007 19:12 6.591 KB935448.log
06.04.2007 10:53 7.886 KB925902.log
05.04.2007 10:14 1.089.649 setupapi.log.0.old
22.03.2007 03:44 231 system.ini
22.03.2007 03:26 2 msoffice.ini
22.03.2007 03:24 13.199 LUINSTALL.LOG
22.03.2007 01:54 37.977 KB929338.log
22.03.2007 01:54 38.214 KB928843.log
22.03.2007 01:54 38.527 KB928255.log
22.03.2007 01:53 36.941 KB927802.log
22.03.2007 01:53 36.670 KB927779.log
22.03.2007 01:53 33.795 KB926436.log
22.03.2007 01:53 33.246 KB926255.log
22.03.2007 01:52 30.774 KB924667.log
22.03.2007 01:52 33.107 KB924270.log
22.03.2007 01:52 31.845 KB924191.log
22.03.2007 01:52 31.967 KB923980.log
22.03.2007 01:51 31.774 KB923694.log
22.03.2007 01:51 31.405 KB923414.log
22.03.2007 01:51 29.205 KB923191.log
22.03.2007 01:50 31.382 KB922819.log
22.03.2007 01:50 29.804 KB922616.log
22.03.2007 01:50 29.374 KB922582.log
22.03.2007 01:50 27.444 KB921398.log
22.03.2007 01:49 27.850 KB920872.log
22.03.2007 01:49 26.466 KB920685.log
22.03.2007 01:49 27.147 KB920683.log
22.03.2007 01:48 25.693 KB920670.log
22.03.2007 01:48 26.341 KB920213.log
22.03.2007 01:48 24.361 KB919007.log
22.03.2007 01:48 24.357 KB918439.log
22.03.2007 01:47 24.487 KB918118.log
22.03.2007 01:47 23.813 KB917953.log
22.03.2007 01:47 23.716 KB917422.log
22.03.2007 01:47 23.072 KB916595.log
22.03.2007 01:46 23.905 KB914389.log
22.03.2007 01:46 23.759 KB914388.log
22.03.2007 01:46 23.913 KB913580.log
22.03.2007 01:45 22.719 KB912919.log
22.03.2007 01:45 21.995 KB911927.log
22.03.2007 01:45 21.486 KB911562.log
22.03.2007 01:45 20.888 KB911280.log
22.03.2007 01:44 20.394 KB910437.log
22.03.2007 01:44 20.814 KB908531.log
22.03.2007 01:44 19.688 KB908519.log
22.03.2007 01:44 20.010 KB905749.log
22.03.2007 01:43 19.685 KB905414.log
22.03.2007 01:43 18.570 KB904706.log
22.03.2007 01:43 24.325 KB902400.log
22.03.2007 01:42 15.139 KB901214.log
22.03.2007 01:42 14.255 KB901190.log
22.03.2007 01:42 14.496 KB901017.log
22.03.2007 01:42 22.601 KB931836.log
22.03.2007 01:41 15.672 KB900725.log
22.03.2007 01:41 11.827 KB900485.log
22.03.2007 01:41 13.726 KB899591.log
22.03.2007 01:41 13.772 KB899587.log
22.03.2007 01:40 13.474 KB898461.log
22.03.2007 01:40 12.630 KB896428.log
22.03.2007 01:40 13.618 KB896424.log
22.03.2007 01:40 12.744 KB896423.log
22.03.2007 01:39 12.733 KB896358.log
22.03.2007 01:39 16.852 KB894391.log
22.03.2007 01:39 10.074 KB893756.log
22.03.2007 01:38 8.267 KB891781.log
22.03.2007 01:38 10.546 KB890859.log
22.03.2007 01:38 6.461 KB888302.log
22.03.2007 01:38 6.195 KB887472.log
22.03.2007 01:37 5.781 KB886185.log
22.03.2007 01:37 5.460 KB885836.log
22.03.2007 01:37 6.186 KB885835.log
22.03.2007 01:36 5.070 KB873339.log
22.03.2007 01:34 11.802 KB928090-IE7.log
22.03.2007 01:34 3.874 KB929969.log
22.03.2007 01:33 6.958 spupdsvc.log
22.03.2007 01:31 14.502 ie7_main.log
22.03.2007 01:31 60.911 ie7.log
22.03.2007 01:29 8.058 IDNMitigationAPIs.log
22.03.2007 01:29 7.814 NLSDownlevelMapping.log
22.03.2007 01:29 5.306 KB915865.log
22.03.2007 01:22 11.418 KB911564.log
22.03.2007 01:22 11.876 KB929399.log
22.03.2007 01:22 12.825 KB925398.log
22.03.2007 01:21 2.369 wmsetup10.log
22.03.2007 01:21 6.544 KB926239.log
22.03.2007 01:21 4.530 MSCompPackV1.log
22.03.2007 01:20 19.761 wmp11.log
22.03.2007 01:20 30.250 WMFDist11.log
22.03.2007 01:19 11.365 Wudf01000Inst.log
22.03.2007 01:16 8.840 WgaNotify.log
22.03.2007 00:58 89 ALaunch.ini
22.03.2007 00:58 88 GridV.UNI
22.03.2007 00:55 12.193 KB918005.log
22.03.2007 00:38 0 NT.INI
22.03.2007 00:23 1.219 HotFix.bat
21.03.2007 23:32 9.415 PATCH.LOG
21.03.2007 23:30 1.174 OEWABLog.txt
21.03.2007 23:29 942.680 setuplog.txt
21.03.2007 23:28 2.741 sessmgr.setup.log
21.03.2007 23:28 641 DtcInstall.log
21.03.2007 23:27 4.038 regopt.log
21.03.2007 23:26 8.192 REGLOCS.OLD
14.03.2007 19:27 972.336 UNRecode.exe
14.03.2007 19:19 972.336 UNNeroBackItUp.exe
12.03.2007 13:51 972.336 UNNeroMediaHome.exe
28.02.2007 20:53 972.336 UNNeroVision.exe
28.02.2007 15:41 972.336 UNNeroShowTime.exe

Quote

tmp.txt

Quote

down.txt

Is everything in order again now??
What worries me is the "disk error: C:\WINDOWS\" despite admin rights.
Also the "O2 - BHO: (no name) - {E2C4C341-2701-4E54-9DFB-90F69743D0B2} - C:\WINDOWS\system32\pmkjh.dll (file missing)", "O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE", "O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)", "O17 - HKLM\System\CCS\Services\Tcpip\..\{0B89CFB4-35DC-4763-8582-4028A2F9D30F}: NameServer = 213.94.78.16 213.94.78.17", "O17 - HKLM\System\CS1\Services\Tcpip\..\{0B89CFB4-35DC-4763-8582-4028A2F9D30F}: NameServer = 213.94.78.16 213.94.78.17"

regards
Roy
This post was edited on 24.05.2007 at 10:17 by Roy407.