Home » Viren, Trojaner & Malware Forum » Win32:VB-BBA [Trj]///tel.xls.exe » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1

Antworten

Win32:VB-BBA [Trj]///tel.xls.exe

08.04.2007, 13:30

Don Röschen

Member

Beiträge: 16

#1 Guten Tag, hab folgendes Problem das meine externe Festplatte mit einem Trojaner befallen ist ich ich die nun leider an mein PC anschloss. Nun ist der PC auch befallen. Wie bekomm ich nun die Trojaner von PC und externer Festplatte?
Hab über Suchefunktion leider nix gefunden. Der Trojaner ist auf jeder Partition.

Logfile of HijackThis v1.99.1
Scan saved at 13:03:01, on 08/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Browser Mouse\moffice.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Browser Mouse\MOUSE32A.EXE
C:\Programme\OO Software\CleverCache\ooccctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe
C:\Programme\OO Software\CleverCache\ooccag.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Kerio\Personal Firewall\persfw.exe
C:\Programme\BMPM\OfficerBlue\iNOTray.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genickbruch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Programme\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [OfficerBlue] C:\Programme\BMPM\OfficerBlue\iNOTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12b59a1dbbc2c6658a05/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097566082250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Programme\OO Software\CleverCache\ooccag.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall\persfw.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
------------------------------------------------------------------------

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\WINDOWS\system32

08/04/2007 13:00 2,206 wpa.dbl
08/04/2007 12:59 70,200 goc.log
08/04/2007 12:59 88,566 nvapps.xml
08/04/2007 12:59 873 mmf.sys
08/04/2007 12:59 32,301 OODBS.lor
04/04/2007 11:21 276,560 FNTCACHE.DAT
04/04/2007 11:17 91 mslck.dat
25/03/2007 10:08 414,560 perfh009.dat
25/03/2007 10:08 69,078 perfc009.dat
25/03/2007 10:08 428,638 perfh007.dat
25/03/2007 10:08 81,678 perfc007.dat
25/03/2007 10:08 1,007,456 PerfStringBackup.INI
20/03/2007 11:02 173 spupdsvc.inf
19/03/2007 17:35 16,832 amcompat.tlb
19/03/2007 17:35 23,392 nscompat.tlb
08/03/2007 17:36 40,960 mf3216.dll
08/03/2007 17:36 281,600 gdi32.dll
08/03/2007 17:36 579,072 user32.dll
08/03/2007 17:32 1,843,712 win32k.sys
07/03/2007 22:36 12,619,736 MRT.exe
15/02/2007 19:01 337,280 WgaTray.exe
15/02/2007 19:01 1,476,992 LegitCheckControl.dll
15/02/2007 19:00 236,928 WgaLogon.dll
14/02/2007 12:46 122,142 TZLog.log
---------------------------------------------------------
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\DOKUME~1\CMPUNK~1\LOKALE~1\Temp

08/04/2007 13:01 17,277 LVCOMSX.LOG
08/04/2007 13:00 49,152 ~DF16BF.tmp
08/04/2007 12:59 16,384 Perflib_Perfdata_5a0.dat
08/04/2007 12:18 16,384 ~DFFFE5.tmp
07/04/2007 10:53 72,192 ~e5.0001
06/04/2007 15:19 0 dnt4A.tmp
05/04/2007 17:20 131,072 ~DFD202.tmp
01/04/2007 16:45 16,384 Perflib_Perfdata_56c.dat
29/03/2007 18:20 0 0ph3D.tmp
29/03/2007 18:20 0 oe23C.tmp
27/03/2007 12:19 512 ~DF9506.tmp
27/03/2007 12:19 49,152 ~DF9429.tmp
27/03/2007 12:19 16,384 ~DF868D.tmp
27/03/2007 12:19 512 ~DF3376.tmp
27/03/2007 12:19 16,384 ~DF3361.tmp
27/03/2007 12:19 512 ~DF1C90.tmp
27/03/2007 12:19 49,152 ~DF1C41.tmp
27/03/2007 12:18 16,384 Perflib_Perfdata_504.dat
--------------------------------------------------------------------
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\WINDOWS

08/04/2007 12:59 6,104 ModemLog_Bluetooth DUN Modem.txt
08/04/2007 12:59 6,098 ModemLog_Bluetooth Fax Modem.txt
08/04/2007 12:59 0 0.log
08/04/2007 12:59 4,246 ModemLog_Agere Systems PCI Soft Modem.txt
08/04/2007 12:59 1,222,168 WindowsUpdate.log
08/04/2007 12:59 159 wiadebug.log
08/04/2007 12:59 0 wiaservc.log
08/04/2007 12:59 2,048 bootstat.dat
08/04/2007 12:23 13 ufdata2000.log
08/04/2007 12:22 560 win.ini
08/04/2007 12:22 9,810 system.ini
08/04/2007 12:18 99 BACKINF.TAB
07/04/2007 14:11 28,320 SchedLgU.Txt
06/04/2007 13:37 1,409 QTFont.for
06/04/2007 13:37 54,156 QTFont.qfn
05/04/2007 15:30 116 NeroDigital.ini
04/04/2007 10:42 1,197 wmsetup.log
04/04/2007 10:11 977 iis6.log
04/04/2007 10:11 2,055 comsetup.log
04/04/2007 10:11 1,247 ntdtcsetup.log
04/04/2007 10:11 2,359 tsoc.log
04/04/2007 10:11 1,355 imsins.log
04/04/2007 10:11 342 ocmsn.log
04/04/2007 10:11 12,724 KB925902.log
04/04/2007 10:11 2,916 ocgen.log
04/04/2007 10:11 309 msgsocm.log
04/04/2007 10:11 6,158 FaxSetup.log
04/04/2007 10:11 1,601 setupapi.log
04/04/2007 10:11 0 setuperr.log
04/04/2007 10:11 0 setupact.log
04/04/2007 10:10 816 updspapi.log
01/03/2007 19:21 7,082 mozver.dat
20/02/2007 16:07 2,082 ModemLog_Standardmodem ber Bluetooth-Verbindung.txt
13/02/2007 11:27 256 musicmaker.INI
-----------------------------------------------------------------
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\WINDOWS\Temp

08/04/2007 13:00 409 WGANotify.settings
08/04/2007 12:59 0 Perflib_Perfdata_65c.dat
08/04/2007 12:59 16,384 Perflib_Perfdata_78c.dat
08/04/2007 12:59 66 WGAErrLog.txt
08/04/2007 11:57 16,384 Perflib_Perfdata_5b4.dat
07/04/2007 10:19 16,384 Perflib_Perfdata_668.dat
06/04/2007 13:25 16,384 Perflib_Perfdata_518.dat
05/04/2007 17:04 16,384 Perflib_Perfdata_3f8.dat
05/04/2007 14:31 16,384 Perflib_Perfdata_54c.dat
04/04/2007 11:21 16,384 Perflib_Perfdata_564.dat
04/04/2007 11:21 16,384 Perflib_Perfdata_784.dat
04/04/2007 10:05 16,384 Perflib_Perfdata_55c.dat
03/04/2007 10:12 16,384 Perflib_Perfdata_63c.dat
01/04/2007 16:46 16,384 Perflib_Perfdata_650.dat
01/04/2007 16:46 16,384 Perflib_Perfdata_7a0.dat
01/04/2007 16:45 16,384 Perflib_Perfdata_5a8.dat
01/04/2007 16:45 16,384 Perflib_Perfdata_7b0.dat
01/04/2007 15:17 16,384 Perflib_Perfdata_358.dat
31/03/2007 14:43 16,384 Perflib_Perfdata_6bc.dat
30/03/2007 14:08 16,384 Perflib_Perfdata_160.dat
30/03/2007 13:21 16,384 Perflib_Perfdata_520.dat
30/03/2007 11:47 16,384 Perflib_Perfdata_648.dat
29/03/2007 17:31 16,384 Perflib_Perfdata_6f0.dat
29/03/2007 17:31 16,384 Perflib_Perfdata_710.dat
28/03/2007 19:15 16,384 Perflib_Perfdata_5b8.dat
28/03/2007 19:15 16,384 Perflib_Perfdata_794.dat
28/03/2007 11:27 0 T30DebugLogFile.txt
28/03/2007 11:26 16,384 Perflib_Perfdata_40c.dat
28/03/2007 10:40 0 Perflib_Perfdata_550.dat
27/03/2007 12:28 16,384 Perflib_Perfdata_400.dat
27/03/2007 12:18 16,384 Perflib_Perfdata_640.dat
27/03/2007 12:18 16,384 Perflib_Perfdata_790.dat
26/03/2007 14:13 16,384 Perflib_Perfdata_6ac.dat
26/03/2007 14:12 16,384 Perflib_Perfdata_7f8.dat
---------------------------------------------------------------
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09/11/2006 15:36 5,019 swflash.inf
----------------------------------------------------------------
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 083B-2EA7

Verzeichnis von C:\

08/04/2007 13:30 0 sys.txt
08/04/2007 13:29 1,976 down.txt
08/04/2007 13:29 2,304 tmp.txt
08/04/2007 13:28 8,678 system.txt
08/04/2007 13:27 1,149 systemtemp.txt
08/04/2007 13:24 121,093 system32.txt
08/04/2007 13:00 77 AUTORUN.INF
08/04/2007 12:59 805,306,368 pagefile.sys
08/04/2007 12:22 389 boot.ini
13/02/2007 11:01 7,680 DShow_Preview_Graph.grf
----------------------------------------------------------------------
CM Punk - 08/04/2007 13:31:33.39 Service Pack 2
ComboFix 06.09.28 - Running from: "D:\Download\installer\sicherheit"

((((((((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011/10/2006 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2014/08/2006 12:34 332928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2014/06/2006 16:56 13680 --a------ C:\WINDOWS\system32\drivers\sfhlp02.sys
2014/06/2006 11:00 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2014/06/2006 10:47 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2014/06/2006 10:47 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2013/08/2004 16:38 140544 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys
2013/07/2006 10:48 202240 --a------ C:\WINDOWS\system32\drivers\rmcast.sys
2012/10/2004 18:03 28687 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys
2012/10/2004 17:08 23896 --a------ C:\WINDOWS\system32\drivers\btcusb.sys
2012/10/2004 10:05 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2012/10/2004 07:43 15939 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2012/05/2005 14:39 1287296 --a------ C:\WINDOWS\system32\drivers\cmudax.sys
2012/04/2005 10:41 4608 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2012/04/2005 10:41 4608 --a------ C:\WINDOWS\system32\drivers\ElbyDelay.sys
2012/03/2005 00:28 20640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2012/01/2007 19:49 38160 --a------ C:\WINDOWS\system32\drivers\oobctm.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="\"C:\\Programme\\TuneUp Utilities 2007\\MemOptimizer.exe\" autostart"
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"OfficerBlue"="C:\\Programme\\BMPM\\OfficerBlue\\iNOTray.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe"
"Dit"="Dit.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"FLMOFFICE4DMOUSE"="C:\\Programme\\Browser Mouse\\moffice.exe"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ooccctrl.exe"="C:\\Programme\\OO Software\\CleverCache\\ooccctrl.exe /tasktray"
"ASocksrv"="SocksA.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000090
"ClearRecentDocsOnExit"=dword:00000001
"NoDriveAutoRun"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"nwiz"="nwiz.exe /install"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Officer Blue Updates.job

Completion time: 08/04/2007 13:32:14.20
ComboFix.txt
ComboFix2.txt
------------------------------------------------------------------------

08.04.2007, 13:38

Sabina

Ehrenmitglied

Beiträge: 29434

#2 Don Röschen

virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\mmf.sys
C:\WINDOWS\system32\SocksA.exe

poste hier die reporte

-------------------------------------------------------------

»»
poste dieses log
HijackThis starten, "Open the misc tools section" klicken, die beiden Kästchen "List also minor sections" und "List empty sections" markieren und dann "Generate StartupList log" klicken.

-------

Zitat

This worm arrives on a system as a downloaded file from the Internet. When executed, it drops several copies of itself in the Windows and Windows system folder.

Upon execution, it drops the following copies of itself:

* %System%\FileKan.exe
* %System%\SocksA.exe
* %Windows%\Session.exe
* %Windows%\svchost.exe

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003. %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

To ensure its automatic execution at every system startup, it then creates the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run
ASocksrv= "SocksA.exe"

Other Registry Modification

This worm modifies the following entry as part of its installation routine:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue = "0"

(Note: The default value is user defined. When CheckedValue is set to 1, hidden files and folders are seen when the user uses Windows Explorer. There is no need to modify this again as part of the solution, since the change is not harmful to the system.)

Propagation via Removable Drives

This worm propagates by dropping a copy of itself as TEL.XLS.EXE in to the root folder of all the local drives and removable drives on the affected system. It also drops the file AUTORUN.INF in the same folder to enable its automatic execution whenever a user accesses these local and removable drives. The said file contains the following strings:

[AutoRun]
open=tel.xls.exe
shellexecute=tel.xls.exe
shell\Auto\command=tel.xls.exe
shell=Auto

__________
MfG Sabina

rund um die PC-Sicherheit

09.04.2007, 14:47

Don Röschen

Member

Themenstarter

Beiträge: 16

#3 StartupList report, 09/04/2007, 14:39:26
StartupList version: 1.52.2
Started from : D:\Download\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\OO Software\CleverCache\ooccag.exe
C:\Programme\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Browser Mouse\moffice.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\OO Software\CleverCache\ooccctrl.exe
C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe
C:\Programme\Browser Mouse\MOUSE32A.EXE
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\BMPM\OfficerBlue\iNOTray.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Download\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Dokumente und Einstellungen\CM Punk\Startmenü\Programme\Autostart]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
BlueSoleil.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Verknüpfung mit der High Definition Audio-Eigenschaftenseite = HDAudPropShortcut.exe
Dit = Dit.exe
AGRSMMSG = AGRSMMSG.exe
LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
CloneCDTray = "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
FLMOFFICE4DMOUSE = C:\Programme\Browser Mouse\moffice.exe
iTunesHelper = "C:\Programme\iTunes\iTunesHelper.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ooccctrl.exe = C:\Programme\OO Software\CleverCache\ooccctrl.exe /tasktray
ASocksrv = SocksA.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TuneUp MemOptimizer = "C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe" autostart
DAEMON Tools = "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
OfficerBlue = C:\Programme\BMPM\OfficerBlue\iNOTray.exe
WMPNSCFG = C:\Programme\Windows Media Player\WMPNSCFG.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[Disabled]
CHotkey = mHotkey.exe
ledpointer = CNYHKey.exe

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: not hidden (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: not hidden (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registrierungs-Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
SpywareGuard Download Protection - C:\Programme\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Klick-Wartung.job
AppleSoftwareUpdate.job
Officer Blue Updates.job

--------------------------------------------------

Enumerating Download Program Files:

[{00000161-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[ICQVideoControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ICQVideoControl.dll
CODEBASE = http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab

[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
CODEBASE = http://software-dl.real.com/12b59a1dbbc2c6658a05/netzip/RdxIE601_de.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097566082250

[Java Plug-in 1.4.2_05]
InProcServer32 = C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

[Java Plug-in 1.4.2_05]
InProcServer32 = C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
NameSpace #5: C:\WINDOWS\system32\wshbth.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

3xHybrid service: system32\DRIVERS\3xHybrid.sys (manual start)
ACEDRV07: \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys (autostart)
Microsoft ACPI-Treiber: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel-Echounterdrückung: system32\drivers\aec.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v3.0.0.5: system32\DRIVERS\AegisP.sys (autostart)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: system32\DRIVERS\AGRSM.sys (manual start)
Warndienst: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Gatewaydienst auf Anwendungsebene: %SystemRoot%\System32\alg.exe (manual start)
AnyDVD: System32\Drivers\AnyDVD.sys (manual start)
Anwendungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394-ARP-Clientprotokoll: system32\DRIVERS\arp1394.sys (manual start)
ASP.NET-Zustandsdienst: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
avast! iAVS4 Control Service: "C:\Programme\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
Asynchroner RAS -Medientreiber: system32\DRIVERS\asyncmac.sys (manual start)
Standard-IDE/ESDI-Festplattencontroller: system32\DRIVERS\atapi.sys (system)
Protokoll für ATM ARP-Client: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostubtreiber: system32\DRIVERS\audstub.sys (manual start)
Autodesk Licensing Service: "C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe" (manual start)
avast! Antivirus: "C:\Programme\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Bluetooth Audio Service: system32\DRIVERS\blueletaudio.sys (manual start)
BlueSoleil Hid Service: C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe (autostart)
Computerbrowser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start)
Bluetooth USB For Bluetooth Service: System32\Drivers\btcusb.sys (manual start)
Bluetooth-Anforderungsblocktreiber: system32\DRIVERS\BthEnum.sys (manual start)
Bluetooth HID Enumerator: system32\DRIVERS\vbtenum.sys (manual start)
Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system)
Bluetooth-Modemkommunikationstreiber: system32\DRIVERS\bthmodem.sys (manual start)
Bluetooth-Gerät (PAN): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth-Porttreiber: System32\Drivers\BTHport.sys (manual start)
Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)
USB-Treiber für Bluetooth-Funkgerät: System32\Drivers\BTHUSB.sys (manual start)
Card Reader Filter: \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS (manual start)
CA-Lizenz-Client: C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (manual start)
CA-Lizenzserver: C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (manual start)
Untertiteldecoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM-Laufwerktreiber: system32\DRIVERS\cdrom.sys (system)
Indexdienst: %SystemRoot%\system32\cisvc.exe (manual start)
Ablagemappe: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
C-Media High Definition Audio Interface: system32\drivers\cmudax.sys (manual start)
COM+-Systemanwendung: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Kryptografiedienste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM-Server-Prozessstart: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP-Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Laufwerktreiber: system32\DRIVERS\disk.sys (system)
Verwaltungsdienst für die Verwaltung logischer Datenträger: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Verwaltung logischer Datenträger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel-DLS-Synthesizer: system32\drivers\DMusic.sys (manual start)
DNS-Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel-DRM-Audioentschlüsselung: system32\drivers\drmkaud.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start)
Fehlerberichterstattungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart)
COM+-Ereignissystem: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Kompatibilität für schnelle Benutzerumschaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Diskettencontrollertreiber: system32\DRIVERS\fdc.sys (manual start)
VIA Rhine Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5b.sys (manual start)
Diskettenlaufwerktreiber: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Treiber für Volume-Manager: system32\DRIVERS\ftdisk.sys (system)
Kerio Personal Firewall Driver: system32\Drivers\fwdrv.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Standardpaketklassifizierung: system32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA-Bustreiber für High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Hilfe und Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class-Treiber: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP-SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042-Tastatur- und PS/2-Mausanschluss-Treiber: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Filtertreiber für CD-Brennen: system32\DRIVERS\imapi.sys (system)
IMAPI-CD-Brenn-COM-Dienste: C:\WINDOWS\system32\imapi.exe (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel-Prozessortreiber: system32\DRIVERS\intelppm.sys (system)
IPv6-Windows-Firewalltreiber: system32\DRIVERS\Ip6Fw.sys (manual start)
Filtertreiber für IP-Verkehr: system32\DRIVERS\ipfltdrv.sys (manual start)
IP/IP-Tunneltreiber: system32\DRIVERS\ipinip.sys (manual start)
Übersetzer für IP-Netzwerkadressen: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Programme\iPod\bin\iPodService.exe" (manual start)
IPSEC-Treiber: system32\DRIVERS\ipsec.sys (system)
IR-Enumeratordienst: system32\DRIVERS\irenum.sys (manual start)
PnP-ISA/EISA-Bus-Treiber: system32\DRIVERS\isapnp.sys (system)
jatmlano: \??\C:\DOKUME~1\CMPUNK~1\LOKALE~1\Temp\jatmlano.sys (manual start)
Tastaturklassentreiber: system32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-Treiber: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel-Waveaudiomixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Arbeitsstationsdienst: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LckFldService: C:\WINDOWS\system32\LckFldService.exe (autostart)
LicCtrl Service: C:\WINDOWS\runservice.exe (autostart)
TCP/IP-NetBIOS-Hilfsprogramm: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Ereignisprotokoll-Überwachung: C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (autostart)
Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start)
Nachrichtendienst: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
MMRTKRNL: system32\drivers\mmrtkrnl.sys (system)
NetMeeting-Remotedesktop-Freigabe: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem-Datenstromfiltergerät: system32\drivers\MODEMCSA.sys (manual start)
Mausklassentreiber: system32\DRIVERS\mouclass.sys (system)
Mouse Filter Driver: system32\DRIVERS\moufiltr.sys (manual start)
Maus-HID-Treiber: system32\DRIVERS\mouhid.sys (manual start)
BDA MPE-Filter: system32\DRIVERS\MPE.sys (manual start)
Redirector für WebDav-Client: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Proxy für Streaming Clock: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Proxy für Streaming Quality Manager: system32\drivers\MSPQM.sys (manual start)
Microsoft-Systemverwaltungs-BIOS-Treiber: system32\DRIVERS\mssmbios.sys (manual start)
MSSQL$SONY_MEDIAMGR: C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR (manual start)
MSSQLServerADHelper: C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (manual start)
Microsoft Streaming Tee/Sink-to-Sink-Konvertierung: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI-Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV-/Videoverbindung: system32\DRIVERS\NdisIP.sys (manual start)
RAS-NDIS-TAPI-Treiber: system32\DRIVERS\ndistapi.sys (manual start)
NDIS-Benutzermodus-E/A-Protokoll: system32\DRIVERS\ndisuio.sys (manual start)
RAS-NDIS-WAN-Treiber: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-Schnittstelle: system32\DRIVERS\netbios.sys (system)
NetBios über TCP/IP: system32\DRIVERS\netbt.sys (system)
Netzwerk-DDE-Dienst: %SystemRoot%\system32\netdde.exe (disabled)
Netzwerk-DDE-Serverdienst: %SystemRoot%\system32\netdde.exe (disabled)
Anmeldedienst: %SystemRoot%\system32\lsass.exe (manual start)
Netzwerkverbindungen: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-Netzwerktreiber: system32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Netgroup Packet Filter: \??\C:\WINDOWS\system32\drivers\packet.sys (manual start)
NT-LM-Sicherheitsdienst: %SystemRoot%\system32\lsass.exe (manual start)
Wechselmedien: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NTSIM: \??\C:\WINDOWS\system32\ntsim.sys (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Filtertreiber für IPX-Verkehr: system32\DRIVERS\nwlnkflt.sys (manual start)
Treiber für IPX-Verkehrsweiterleitung: system32\DRIVERS\nwlnkfwd.sys (manual start)
O&O Defrag: C:\WINDOWS\system32\oodag.exe (autostart)
VIA OHCI-konformer IEEE 1394-Hostcontroller: system32\DRIVERS\ohci1394.sys (system)
O&O CleverCache Agent: "C:\Programme\OO Software\CleverCache\ooccag.exe" (autostart)
Treiber für parallelen Anschluss: system32\DRIVERS\parport.sys (manual start)
PCI-Bus-Treiber: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Kerio Personal Firewall: "C:\Programme\Kerio\Personal Firewall\persfw.exe" (autostart)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug & Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC-Dienste: %SystemRoot%\system32\lsass.exe (autostart)
WAN-Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)
StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)
StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system)
Geschützter Speicher: %SystemRoot%\system32\lsass.exe (autostart)
PsSdk30: \??\C:\WINDOWS\system32\Drivers\PsSdk30.drv (manual start)
Treiber für direkte Parallelverbindung: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Logitech QuickCam Communicate: system32\DRIVERS\LVCM.sys (manual start)
Treiber für automatische RAS-Verbindung: system32\DRIVERS\rasacd.sys (system)
Verwaltung für automatische RAS-Verbindung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN-Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
RAS-Verbindungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remotezugriff-PPPOE-Treiber: system32\DRIVERS\raspppoe.sys (manual start)
Parallelanschluss (direkt): system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Sitzungs-Manager für Remotedesktophilfe: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filtertreiber für digitale CD-Audiowiedergabe: system32\DRIVERS\redbook.sys (system)
Routing und RAS: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Bluetooth-Gerät (RFCOMM-Protokoll-TDI): system32\DRIVERS\rfcomm.sys (manual start)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
RPC-Locator: %SystemRoot%\system32\locator.exe (manual start)
Remoteprozeduraufruf (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS-RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
RT2500 USB Wireless LAN Driver: system32\DRIVERS\rt2500usb.sys (manual start)
Sicherheitskontenverwaltung: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (system)
Smartcard: %SystemRoot%\System32\SCardSvr.exe (autostart)
Taskplaner: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Sekundäre Anmeldung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Systemereignisbenachrichtigung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Treiber für seriellen Anschluss: system32\DRIVERS\serial.sys (system)
StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)
StarForce Protection Environment Driver (version 1.x.a): System32\drivers\sfdrv01a.sys (system)
StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)
StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)
High-Capacity-Diskettenlaufwerk: system32\DRIVERS\sfloppy.sys (manual start)
StarForce Protection Synchronization Driver (version 2.x): System32\drivers\sfsync02.sys (system)
StarForce Protection Synchronization Driver (version 4.x): System32\drivers\sfsync04.sys (system)
Windows-Firewall/Gemeinsame Nutzung der Internetverbindung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shellhardwareerkennung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel-Audiosplitter: system32\drivers\splitter.sys (manual start)
Druckwarteschlange: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
SQLAgent$SONY_MEDIAMGR: C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR (manual start)
Filtertreiber für Systemwiederherstellung: \SystemRoot\system32\DRIVERS\sr.sys (disabled)
Systemwiederherstellungsdienst: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP-Suchdienst: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Windows-Bilderfassung (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA-IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software-Bus-Treiber: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetablesynthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{69FE9670-89CD-4F20-8AD9-A6CBF11B9F62} (manual start)
Microsoft Kernel-Systemaudiogerät: system32\drivers\sysaudio.sys (manual start)
Leistungsdatenprotokolle und Warnungen: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP-Protokolltreiber: system32\DRIVERS\tcpip.sys (system)
Terminal-Gerätetreiber: system32\DRIVERS\termdd.sys (system)
Terminaldienste: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Designs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Überwachung verteilter Verknüpfungen (Client): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
UKBFLT: system32\DRIVERS\UKBFLT.sys (manual start)
Microcode Updatetreiber: system32\DRIVERS\update.sys (manual start)
Universeller Plug & Play-Gerätehost: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Unterbrechungsfreie Stromversorgung: %SystemRoot%\System32\ups.exe (manual start)
USB-Audiotreiber (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft Standard-USB-Haupttreiber: system32\DRIVERS\usbccgp.sys (manual start)
Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB-Standardhubtreiber: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB-Druckerklasse: system32\DRIVERS\usbprint.sys (manual start)
USB-Scannertreiber: system32\DRIVERS\usbscan.sys (manual start)
USB-Massenspeichertreiber: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniporttreiber für universellen Microsoft USB-Hostcontroller: system32\DRIVERS\usbuhci.sys (manual start)
Messenger USN Journal Reader-Service für freigegebene Ordner: "C:\Programme\MSN Messenger\usnsvc.exe" (manual start)
TuneUp Designerweiterung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start)
Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Volumeschattenkopie: %SystemRoot%\System32\vssvc.exe (manual start)
Windows-Zeitgeber: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
RAS-IP-ARP-Treiber: system32\DRIVERS\wanarp.sys (manual start)
Winbond Smartcard Reader for I/O: system32\drivers\wbscr.sys (manual start)
Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (manual start)
Webclient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
WinDriver kernel module: System32\Drivers\windrvr.sys (manual start)
Windows-Verwaltungsinstrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Dienst für Seriennummern der tragbaren Medien: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-Leistungsadapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player-Netzwerkfreigabedienst: C:\Programme\Windows Media Player\WMPNetwk.exe (autostart)
Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Sicherheitscenter: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext-Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatische Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Konfigurationsfreie drahtlose Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
X10 Device Network Service: C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (manual start)
Netzwerkversorgungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
X10 USB Wireless Transceiver: System32\Drivers\x10ufx2.sys (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: *Registry key not found*
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 41,975 bytes
Report generated in 0.156 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
------------------------------------------------------------------------------

C:\WINDOWS\system32\mmf.sys (Bild1)
C:\WINDOWS\system32\SocksA.exe (Bild2)
Mit dem Virustotal Scanner gab Probleme der wollte nicht so recht Scannen (siehe Bilder im Anhang)

Zitat

C:\Documents and Settings\user\Local Settings\Temp\jatmlano.sys -> Backdoor.Genlot.DX : Cleaned.

Anhang: Bilder1-2.rar

09.04.2007, 16:54

Sabina

Ehrenmitglied

Beiträge: 29434

#4 Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (anhaken)
kopiere in: View/edit script

Zitat

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ASocksrv

drivers to unload:
jatmlano

Files to delete:
C:\tel.xls.exe
C:\WINDOWS\system32\SocksA.exe
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\jatmlano.sys

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

---
««
http://virus-protect.org/artikel/tools/sdfix.html
SDFix.zip entpacken

es erscheint folgende Meldung:

"The SDFix Folder has been extracted to %systemdrive% - Please run from that location.
(%systemdrive% = drive that contains the Windows directory - typically C:\SDFix )"

unter C:\ findet man nun den SDFix-Ordner

boote in den abgesicherten Modus (die Taste F8 drücken, während der Rechner neustartet)

gehe in den Ordner C:\SDFix

RunThis.bat doppelt klicken
schreibe: Y
folge allen Anweisungen, während gescannt wird - dann wird der Rechner neustarten
kopiere mit der rechten Maustaste den Text ab, der erscheint - und in den Beitrag

---------------------------------------------------------------
««
http://virus-protect.org/artikel/tools/sdfix.html
im Normalmodus

RunThis.bat doppelt klicken
reinschreiben: 3
3 : wird Sophos geladen -waehle 6 - scanne und poste den scanreport
__________
MfG Sabina

rund um die PC-Sicherheit

11.04.2007, 16:28

Don Röschen

Member

Themenstarter

Beiträge: 16

#5 habe avenger ausgeführt
-----------------------------------------------------------------------
SDFix: Version 1.77

Run by CM Punk - 11/04/2007 - 15:30:55.98

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\regedit.com - Deleted

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:Remoteunterstützung"
"%ProgramFiles%\\AOL 9.0\\AOL.exe"="%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"
"%ProgramFiles%\\AOL 9.0\\WAOL.exe"="%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"
"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe"="%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe"="%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"%WinDir%\\system32\\fxsclnt.exe"="%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQLite"
"C:\\Programme\\Call of Duty\\CoDMP.exe"="C:\\Programme\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\AIM95\\aim.exe"="C:\\Programme\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programme\\MSN Messenger\\msncall.exe"="C:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programme\\Firaxis Games\\Sid Meier's Civilization 4 Demo\\Civilization4.exe"="C:\\Programme\\Firaxis Games\\Sid Meier's Civilization 4 Demo\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Demo"
"C:\\Programme\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Programme\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Programme\\Microsoft Games\\Age of Empires III\\age3x.exe"="C:\\Programme\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programme\\MSN Messenger\\livecall.exe"="C:\\Programme\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:Remoteunterstützung"
"%ProgramFiles%\\Messenger\\msmsgs.exe"="%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%ProgramFiles%\\AOL 9.0\\AOL.exe"="%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"
"%ProgramFiles%\\AOL 9.0\\WAOL.exe"="%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"
"%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe"="%CommonProgramFiles%\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe"="%CommonProgramFiles%\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"%WinDir%\\system32\\fxsclnt.exe"="%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil"
"C:\\Programme\\AIM95\\aim.exe"="C:\\Programme\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Programme\\MSN Messenger\\msncall.exe"="C:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programme\\MSN Messenger\\livecall.exe"="C:\\Programme\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Programme\eRightSoft\SUPER\_Setup.dll
C:\Programme\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Programme\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Programme\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Programme\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Programme\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Programme\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Programme\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Programme\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Programme\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Programme\eRightSoft\SUPER\mencoder\libavcodec.dll
C:\Programme\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Programme\eRightSoft\SUPER\mencoder\raac.dll
C:\Programme\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\Programme\Microsoft Works Suite 2005\Setup\mnyinsta.dll
C:\Programme\Microsoft Works Suite 2005\Setup\setuplng.dll
C:\WINDOWS\system32\avisynth.dll
C:\WINDOWS\system32\AVSredirect.dll
C:\WINDOWS\system32\cygwin1.dll
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\i420vfw.dll
C:\WINDOWS\system32\smab.dll
C:\WINDOWS\system32\yv12vfw.dll
C:\Programme\eRightSoft\SUPER\Setup.exe
C:\Programme\Microsoft Works Suite 2005\Setup\launcher.exe
C:\Programme\Microsoft Works Suite 2005\Setup\RmvSuite.exe
C:\Programme\Microsoft Works Suite 2005\Setup\unregwtr.exe
C:\WINDOWS\meta4.exe
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\x2.64.exe
C:\WINDOWS\system32\x.264.exe
C:\Programme\Common Files\X10\Common\x10prod.sys
C:\WINDOWS\system32\32828BBAAC.sys
C:\WINDOWS\system32\mmf.sys
C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv02.tmp

Finished
---------------------------------------------------------------------------
Sophos Anti-Virus
Version 4.16.0 [Win32/Intel]
Virus data version 4.16, April 2007
Includes detection for 233608 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com

System time 15:49:48, System date 11 April 2007
Command line qualifiers are: -f -remove -nc -nb --stop-scan

IDE directory is: C:\SDFix\IDE

Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\read0600win_ENUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf
Could not check C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys (virus scan failed)
>>> Virus 'Troj/QQRob-AAT' found in file C:\WINDOWS\Session.exe
Removal successful
Could not check C:\WINDOWS\system32\dllcache\rmcast.sys (virus scan failed)
Could not check C:\WINDOWS\system32\drivers\rmcast.sys (virus scan failed)
Could not open C:\WINDOWS\system32\drivers\sptd.sys
>>> Virus 'Troj/QQRob-AAT' found in file C:\WINDOWS\system32\FileKan.exe
Removal successful
Could not open C:\WINDOWS\system32\mmf.sys
>>> Virus 'Troj/Keygen-Q' found in file D:\Download\installer\Slysoft-AnyDVD6.0.8.2+CloneCD5.2.9.1+CloneDVD2.9.0.1+CloneDVD Mobile1.1.2.1+incl.Crack-by }TP{\Crack\Patch-CloneDVD Mobile v.1.1.2.1\Patch-CloneDVD Mobile v.1.1.2.1.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\Download\installer\StyleXPInstallMale\Style_XP_3.16_KG\eclsxp31.exe
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file D:\Download\installer\TuneUp Utilities 2007\TuneUp Utilities 2007\keygen.exe
Removal successful

3 boot sectors swept.
30263 files swept in 21 minutes and 32 seconds.
9 errors were encountered.
5 viruses were discovered.
5 files out of 30263 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
4 encrypted files were not checked.
Ending Sophos Anti-Virus.

11.04.2007, 17:09

Sabina

Ehrenmitglied

Beiträge: 29434

#6 «
bei den ganzen key-Gens brauchst du dich nicht ueber einen verseuchten Rechner zu wundern

«
virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\mmf.sys
C:\WINDOWS\meta4.exe

poste die reporte
__________
MfG Sabina

rund um die PC-Sicherheit

12.04.2007, 10:12

Don Röschen

Member

Themenstarter

Beiträge: 16

#7 bei dem "C:\WINDOWS\system32\mmf.sys" steht wieder (0 bytes size received / Se ha recibido un archivo vacio) wenn ich auf SEND drücke.
-----------------------------------------------------------------------------
Complete scanning result of "meta4.exe", received in VirusTotal at 04.12.2007, 10:00:26 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.12.0 04.12.2007 no virus found
AntiVir 7.3.1.50 04.12.2007 no virus found
Authentium 4.93.8 04.12.2007 no virus found
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.11.2007 no virus found
BitDefender 7.2 04.12.2007 no virus found
CAT-QuickHeal 9.00 04.11.2007 (Suspicious) - DNAScan
ClamAV devel-20070312 04.12.2007 no virus found
DrWeb 4.33 04.12.2007 no virus found
eSafe 7.0.15.0 04.11.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3562 04.12.2007 no virus found
Ewido 4.0 04.10.2007 no virus found
FileAdvisor 1 04.12.2007 no virus found
Fortinet 2.85.0.0 04.12.2007 no virus found
F-Prot 4.3.1.45 04.12.2007 no virus found
F-Secure 6.70.13030.0 04.12.2007 no virus found
Ikarus T3.1.1.5 04.12.2007 no virus found
Kaspersky 4.0.2.24 04.12.2007 no virus found
McAfee 5006 04.11.2007 no virus found
Microsoft 1.2405 04.11.2007 no virus found
NOD32v2 2182 04.11.2007 no virus found
Norman 5.80.02 04.11.2007 no virus found
Panda 9.0.0.4 04.12.2007 Suspicious file
Prevx1 V2 04.12.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.12.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.10.2007 no virus found
VirusBuster 4.3.7:9 04.11.2007 no virus found
Webwasher-Gateway 6.0.1 04.12.2007 Win32.Malware.gen (suspicious)

Aditional Information
File size: 217073 bytes
MD5: fce9e5f5c7ce6d7b1ec49b5ce07070c9
SHA1: 2ca7b4304072b5a2634bae8dbb496ab2ebbc921a
packers: UPX
packers: UPX
packers: UPX
-------------------------------------------------------------------------

12.04.2007, 11:09

Sabina

Ehrenmitglied

Beiträge: 29434

#8 poste beide logs
http://virus-protect.org/artikel/tools/comboscan.html
__________
MfG Sabina

rund um die PC-Sicherheit

14.04.2007, 09:56

Don Röschen

Member

Themenstarter

Beiträge: 16

#9 ComboScan v20070306.20 run by CM Punk on 2007-04-14 at 09:32:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2007-04-14 07:33:00 UTC - RP1 - Systemprüfpunkt

Performed disk cleanup.

-- HijackThis (run as CM Punk.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 09:33:29, on 14/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Browser Mouse\moffice.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Browser Mouse\MOUSE32A.EXE
C:\Programme\OO Software\CleverCache\ooccctrl.exe
C:\Programme\OO Software\CleverCache\ooccag.exe
C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe
C:\Programme\Kerio\Personal Firewall\persfw.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
D:\Download\comboscan.exe
D:\Download\HIJACK~2\CM Punk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genickbruch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Programme\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [OfficerBlue] C:\Programme\BMPM\OfficerBlue\iNOTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12b59a1dbbc2c6658a05/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097566082250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Programme\OO Software\CleverCache\ooccag.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall\persfw.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

-- HijackThis Fixed Entries (D:\Download\HIJACK~2\backups\) --------------------

backup-20051201-092141-123 O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
backup-20051201-092141-187 O9 - Extra 'Tools' menuitem: Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT6\PRMTIE\prmtie5.htm
backup-20051201-092141-259 O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {12F8B51D-B862-4901-8364-48640726F508} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
backup-20051201-092141-285 O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
backup-20051201-092141-417 O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
backup-20051201-092141-577 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
backup-20051201-092141-660 O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
backup-20051201-092141-837 O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {12F8B51D-B862-4901-8364-48640726F508} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
backup-20061012-154037-279 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
backup-20061012-154037-374 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
backup-20061012-154037-549 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R 3xHybrid (3xHybrid service) - C:\WINDOWS\system32\drivers\3xHybrid.sys
1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
2R ACEDRV07 - C:\WINDOWS\system32\drivers\ACEDRV07.sys
2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - C:\WINDOWS\system32\drivers\AegisP.sys
3R AgereSoftModem (Agere Systems Soft Modem) - C:\WINDOWS\system32\drivers\AGRSM.sys
3R AnyDVD - C:\WINDOWS\system32\drivers\AnyDVD.sys
3R Arp1394 (1394-ARP-Clientprotokoll) - C:\WINDOWS\system32\drivers\arp1394.sys
2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
3R BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys
3R BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys
3R Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys
3S BthEnum (Bluetooth-Anforderungsblocktreiber) - C:\WINDOWS\system32\drivers\BthEnum.sys
3R BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\vbtenum.sys
0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys
3S BTHMODEM (Bluetooth-Modemkommunikationstreiber) - C:\WINDOWS\system32\drivers\bthmodem.sys
3S BthPan (Bluetooth-Gerät (PAN)) - C:\WINDOWS\system32\drivers\bthpan.sys
3S BTHPORT (Bluetooth-Porttreiber) - C:\WINDOWS\system32\drivers\bthport.sys
3S BTHUSB (USB-Treiber für Bluetooth-Funkgerät) - C:\WINDOWS\system32\drivers\BTHUSB.SYS
3S CardReaderFilter (Card Reader Filter) - C:\WINDOWS\system32\drivers\USBCRFT.SYS
3S CCDECODE (Untertiteldecoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3R cmudax (C-Media High Definition Audio Interface) - C:\WINDOWS\system32\drivers\cmudax.sys
3R ElbyCDFL - C:\WINDOWS\system32\drivers\ElbyCDFL.sys
2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys
3R ElbyDelay - C:\WINDOWS\system32\drivers\ElbyDelay.sys
3R FETNDISB (VIA Rhine Family Fast Ethernet Adapter Driver Service) - C:\WINDOWS\system32\drivers\fetnd5b.sys
1R fwdrv (Kerio Personal Firewall Driver) - C:\WINDOWS\system32\drivers\FWDRV.SYS
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S HdAudAddService (Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst) - C:\WINDOWS\system32\drivers\Hdaudio.sys
3R HDAudBus (Microsoft UAA-Bustreiber für High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R HidUsb (Microsoft HID Class-Treiber) - C:\WINDOWS\system32\drivers\hidusb.sys
1R intelppm (Intel-Prozessortreiber) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Tastatur-HID-Treiber) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S LVUSBSta (Logitech USB Monitor Filter) - C:\WINDOWS\system32\drivers\LVUSBSta.sys
0R MMRTKRNL - C:\WINDOWS\system32\drivers\mmrtkrnl.sys
3R MODEMCSA (Unimodem-Datenstromfiltergerät) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3R moufiltr (Mouse Filter Driver) - C:\WINDOWS\system32\drivers\moufiltr.sys
3R mouhid (Maus-HID-Treiber) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MPE (BDA MPE-Filter) - C:\WINDOWS\system32\drivers\MPE.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI-Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV-/Videoverbindung) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394-Netzwerktreiber) - C:\WINDOWS\system32\drivers\nic1394.sys
3S NPF (Netgroup Packet Filter) - C:\WINDOWS\system32\drivers\packet.sys
3S NTSIM - C:\WINDOWS\system32\ntsim.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (VIA OHCI-konformer IEEE 1394-Hostcontroller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
1R prodrv06 (StarForce Protection Environment Driver v6) - C:\WINDOWS\system32\drivers\prodrv06.sys
0R prohlp02 (StarForce Protection Helper Driver v2) - C:\WINDOWS\system32\drivers\prohlp02.sys
0R prosync1 (StarForce Protection Synchronization Driver v1) - C:\WINDOWS\system32\drivers\prosync1.sys
3R PsSdk30 - C:\WINDOWS\system32\Drivers\PsSdk30.drv (not found)
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3S QCMerced (Logitech QuickCam Communicate) - C:\WINDOWS\system32\drivers\lvcm.sys
3S RFCOMM (Bluetooth-Gerät (RFCOMM-Protokoll-TDI)) - C:\WINDOWS\system32\drivers\rfcomm.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
3R RT2500USB (RT2500 USB Wireless LAN Driver) - C:\WINDOWS\system32\drivers\rt2500usb.sys
1R SASDIFSV - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
3S SASENUM - C:\Programme\SUPERAntiSpyware\SASENUM.SYS
1R SASKUTIL - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
0R sfdrv01a (StarForce Protection Environment Driver (version 1.x.a)) - C:\WINDOWS\system32\drivers\sfdrv01a.sys
0R sfhlp01 (StarForce Protection Helper Driver) - C:\WINDOWS\system32\drivers\sfhlp01.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfsync02.sys
0R sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - C:\WINDOWS\system32\drivers\sfsync04.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S streamip (BDA-IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3R UKBFLT - C:\WINDOWS\system32\drivers\UKBFLT.sys
3S usbaudio (USB-Audiotreiber (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
3R usbccgp (Microsoft Standard-USB-Haupttreiber) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB-Druckerklasse) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB-Scannertreiber) - C:\WINDOWS\system32\drivers\usbscan.sys
3R usbstor (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\usbstor.sys
3R VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys
3R VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys
3R wbscr (Winbond Smartcard Reader for I/O) - C:\WINDOWS\system32\drivers\wbscr.sys
3S WinDriver (WinDriver kernel module) - C:\WINDOWS\system32\Drivers\windrvr.sys (not found)
1R WS2IFSL (Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext-Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R XUIF (X10 USB Wireless Transceiver) - C:\WINDOWS\system32\drivers\x10ufx2.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET-Zustandsdienst) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"
3S Autodesk Licensing Service - "C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe"
2R avast! Antivirus - "C:\Programme\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service
2R BlueSoleil Hid Service - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
2R BthServ (Bluetooth Support Service) - C:\WINDOWS\system32\svchost.exe -k bthsvcs
3S CA_LIC_CLNT (CA-Lizenz-Client) - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
3S CA_LIC_SRVR (CA-Lizenzserver) - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2S Fax - C:\WINDOWS\system32\fxssvc.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3R iPod Service - "C:\Programme\iPod\bin\iPodService.exe"
2S LckFldService - C:\WINDOWS\system32\LckFldService.exe
2R LicCtrlService (LicCtrl Service) - C:\WINDOWS\runservice.exe
2R LogWatch (Ereignisprotokoll-Überwachung) - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
3S MSSQL$SONY_MEDIAMGR - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
3S MSSQLServerADHelper - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
2R O&O Defrag - C:\WINDOWS\system32\oodag.exe
2R OOCleverCacheAgent (O&O CleverCache Agent) - "C:\Programme\OO Software\CleverCache\ooccag.exe"
2R PersFw (Kerio Personal Firewall) - "C:\Programme\Kerio\Personal Firewall\persfw.exe"
3S SQLAgent$SONY_MEDIAMGR - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
3S usnjsvc (Messenger USN Journal Reader-Service für freigegebene Ordner) - "C:\Programme\MSN Messenger\usnsvc.exe"
2R UxTuneUp (TuneUp Designerweiterung) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

-- Scheduled Tasks -------------------------------------------------------------

2007-04-04 20:00:01 278 --a------ C:\WINDOWS\Tasks\Officer Blue Updates.job<OFFICE~1.JOB>
2007-03-16 18:16:28 400 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job<1-KLIC~1.JOB>
2007-03-09 22:02:00 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>

-- Files created between 2007-03-14 and 2007-04-14 -----------------------------

2007-04-11 15:49:27 0 d-------- C:\SAV32CLI
2007-04-10 16:29:37 0 d-------- C:\SDFix
2007-04-10 16:25:27 0 d-------- C:\avenger
2007-03-19 17:50:52 0 d-------- C:\Programme\DFX

-- Find3M Report ---------------------------------------------------------------

2007-04-14 09:11:16 873 --ahs---- C:\WINDOWS\system32\mmf.sys
2007-04-12 10:35:06 125 ---hs---- C:\Dokumente und Einstellungen\CM Punk\Anwendungsdaten\.zreglib<ZREGLI~1>
2007-04-10 15:06:46 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2007-04-04 11:17:50 91 --a------ C:\WINDOWS\system32\mslck.dat
2007-03-25 10:08:28 428638 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-25 10:08:28 81678 --a------ C:\WINDOWS\system32\perfc007.dat
2007-03-19 17:51:15 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard<WISEIN~1>
2007-03-19 17:29:38 0 d-------- C:\Programme\Windows Media Connect 2<WI4DF6~1>
2007-03-17 15:44:25 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-10 19:48:52 0 d-------- C:\Programme\Ant Movie Catalog<ANTMOV~1>
2007-03-10 18:33:48 0 d-------- C:\Programme\SUPERAntiSpyware<SUPERA~1>
2007-03-09 13:41:20 0 d-------- C:\Programme\SpywareGuard<SPYWAR~2>
2007-03-09 13:40:24 0 d-------- C:\Programme\SpywareBlaster<SPYWAR~1>
2007-03-08 17:36:30 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36:30 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36:30 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32:24 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-08 13:34:30 0 d-------- C:\Programme\ICQLite
2007-03-05 11:29:41 0 d-------- C:\Programme\BMPM
2007-03-01 19:21:02 7082 --a------ C:\WINDOWS\mozver.dat
2007-03-01 17:14:02 0 d-------- C:\Programme\FlashGet
2007-02-22 01:54:35 0 d-------- C:\Programme\DAEMON Tools<DAEMON~1>
2007-02-20 16:41:04 0 d-------- C:\Programme\IVT Corporation<IVTCOR~1>
2007-02-20 16:41:03 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-02-17 23:55:26 0 d-------- C:\Programme\Call of Duty<CALLOF~1>
2007-02-05 22:18:44 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 13:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TuneUp MemOptimizer"="\"C:\\Programme\\TuneUp Utilities 2007\\MemOptimizer.exe\" autostart"
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"OfficerBlue"="C:\\Programme\\BMPM\\OfficerBlue\\iNOTray.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe"
"Dit"="Dit.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"FLMOFFICE4DMOUSE"="C:\\Programme\\Browser Mouse\\moffice.exe"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ooccctrl.exe"="C:\\Programme\\OO Software\\CleverCache\\ooccctrl.exe /tasktray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Disabled]
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"nwiz"="nwiz.exe /install"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
Shell\Auto\command tel.xls.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\Auto\command tel.xls.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\Auto\command tel.xls.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\Auto\command L:\tel.xls.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f454637-4d06-11d9-b3f7-806d6172696f}]
Shell\Auto\command tel.xls.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afb32862-bec1-11db-bc17-001109569a84}]
Shell\Auto\command L:\tel.xls.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

-- End of ComboScan: finished at 2007-04-14 at 09:33:56 --------------------------------------------------------------------------------

ComboScan v20070306.20 run by CM Punk on 2007-04-14 at 09:32:59
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1023.48 MiB / 664.61 MiB
Pagefile Memory (total/avail): 1693.11 MiB / 1391.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1994.08 MiB

C: is Fixed (NTFS) - 125.46 GiB total, 60.52 GiB free.
D: is Fixed (NTFS) - 97.65 GiB total, 37.58 GiB free.
E: is Fixed (FAT32) - 9.76 GiB total, 5.28 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (CDFS)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallOverride is set.

AV: avast! antivirus 4.7.942 [VPS 000733-1] v4.7.942 (ALWIL Software)

-

-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\FOLDER~1\FOLDER~1.EXE UnInstall
--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE Mega CoDecS Pack --> "C:\Programme\ACE Mega CoDecS Pack\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Age of Empires III --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}
Age of Empires III - The WarChiefs --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Ant Movie Catalog --> "C:\Programme\Ant Movie Catalog\unins000.exe"
AnyDVD --> "C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Audiograbber 1.83 SE --> C:\WINDOWS\uninstall\Audiograbber\setup.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BitComet 0.70 --> C:\Programme\BitComet\uninst.exe
BlueSoleil --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x7
Browser Mouse --> C:\Programme\Browser Mouse\uninst00.exe
C-Media High Definition Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Call of Duty --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Call of Duty(R) 2 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
Caplio Software --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E5902E4A-6E5C-49AB-99EE-20360A35FA0A}\setup.exe" -l0x7 anything
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CleanUp! --> C:\Programme\CleanUp!\uninstall.exe
CloneCD --> "C:\Programme\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Programme\SlySoft\CloneCD"
CloneDVD2 --> "C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
Crazy Machines --> MsiExec.exe /X{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}
Crazy Machines - Neue Herausforderungen --> MsiExec.exe /X{294EF51E-1453-4F42-8792-77DBFB47D0EC}
DeviceControl --> MsiExec.exe /I{EABE2A27-9452-472E-9389-EFF410E956E1}
DFX 8 for Musicmatch --> MsiExec.exe /I{60674fc3-3f60-45aa-a299-534a13d57cc8}
DivX --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Shrink 3.2 --> "C:\Programme\DVD Shrink\unins000.exe"
EA Link --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1031
FileSpecs plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\FILESP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\FILESP~1\INSTALL.LOG
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Football Manager 2007 --> C:\Programme\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
Generic USB CardReader 2.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7 -removeonly
HexDump plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\hexdump\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\hexdump\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> D:\Download\hijackthis\HijackThis.exe /uninstall
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ 5.1 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Kerio Personal Firewall 2.1.5 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{51C8741C-4A91-42A6-B6A2-CB891F7398A1}\Setup.exe" -removeall
L&H TTS3000 Deutsch --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSGED.inf, Uninstall
Language pack for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
LeagueWarZ --> "C:\WINDOWS\LeagueWarZ\uninstall.exe" "/U:C:\Programme\LeagueWarZ\Uninstall\uninstall.xml"
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LetsTrade Komponenten --> C:\WINDOWS\fpuninst.exe -uninstall:"C:\Programme\LetsTrade\uninst\uninst.ini"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-Software --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x7
Logitech® Camera-Treiber --> "C:\Programme\Gemeinsame Dateien\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
LSP Explorer plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MAGIX music maker 2005 deLuxe --> C:\MAGIX\mm2005_deLuxe\instslct.exe
Messenger-Control plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\INSTALL.LOG
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft AutoRoute 2005 --> MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
Microsoft Baseline Security Analyzer 2.0 --> MsiExec.exe /I{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Enzyklopädie 2005 --> MsiExec.exe /I{05440044-64A6-4248-A026-9745C1E9E159}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{B26E3B0D-C2FA-4370-B068-7C476766F029}
Microsoft Works Suite-Add-Ins für Microsoft Word --> MsiExec.exe /I{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}
Mozilla Firefox (2.0.0.3) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nero 7 Demo --> MsiExec.exe /I{E653C735-0D84-AD30-7C75-91C8DC421031}
Nero Suite --> C:\Programme\Gemeinsame Dateien\Ahead\Uninstall\setup.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}
Nokia PC Suite --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1267949C-73FC-4692-AA22-176F5E909647}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O&O CleverCache --> MsiExec.exe /X{53480390-0EC4-429E-BBEE-78E19EEB03BD}
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
OE/W Messengerctrl plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\OEMESS~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\OEMESS~1\INSTALL.LOG
Officer Blue --> "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{688A197C-5104-4335-A0C1-3A22A444C465}\OfficerBlue_V2.3.exe" REMOVE=TRUE MODIFY=FALSE
PartyPoker --> "C:\Programme\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programme\PartyGaming\PartyPoker\install.log"
PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qtracker --> C:\PROGRA~1\Qtracker\UNWISE.EXE C:\PROGRA~1\Qtracker\INSTALL.LOG
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Race Driver 3 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0297C87B-CC40-446F-865A-031B4FC0CF22}\Setup.exe" -l0x7 -removeonly
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RT2500 USB Wireless LAN Card --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x7 -removeonly
Setup-Start von Microsoft Works 2005 --> C:\Programme\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP g:\
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x7 -removeonly
Sid Meier's Civilization 4 Demo --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A241A64-9AD1-4D94-A227-6C3D5D2F854D}\setup.exe" -l0x7 -removeonly
Smart Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E02403C-C469-4937-9B94-7DF9F78888FA}\Setup.exe" -l0x7
Sony DVD Architect 3.0 --> MsiExec.exe /X{41B9A86B-390C-49AC-B900-F68420867D99}
Sony Media Manager 2.0 --> MsiExec.exe /X{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}
Sony Vegas 6.0 --> MsiExec.exe /X{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}
SpywareBlaster v3.5.1 --> "C:\Programme\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> C:\Programme\SpywareGuard\unins000.exe
SUPER © Version 2006.17 --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2 --> C:\Programme\teamspeak2_RC2\unins000.exe
Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Tweak-SE plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\INSTALL.LOG
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
USB Wireless Keyboard Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D1955A3A-EA24-4682-8641-43B5B688B09A}\Setup.exe" -l0x7
Viewpoint Media Player --> C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VX2 Cleaner plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\VX2CLE~1\INSTALL.LOG
W83L518D --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CD815603-AB71-4CFB-B3AC-522298037ACC}\Setup.exe" -l0x7
Windows-Sicherungsprogramm --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9-Reihe --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP-Hotfix - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP-Hotfix - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Creativity Fun Packs - Windows Movie Maker 2 --> MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
WinRAR archiver --> C:\Programme\WinRAR\uninstall.exe
WISO Mein Geld 5 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8CD9282B-A8F4-4A6D-A11C-6B9738975B00}\Setup.exe"
X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
xp-AntiSpy 3.96-1 --> C:\Programme\xp-AntiSpy\Uninstall.exe

-- End of ComboScan: finished at 2007-04-14 at 09:33:56 ------------------------

15.04.2007, 15:47

Sabina

Ehrenmitglied

Beiträge: 29434

#10 ich kann nichts mehr finden, scanne noch mal mit dem avast im abgesicherten Modus
und berichte, ob noch etwas gefunden wird.
__________
MfG Sabina

rund um die PC-Sicherheit

16.04.2007, 13:32

FreKo

...neu hier

Beiträge: 1

#11 Hallo,

hoffentlich erschlagt ihr mich nicht gleich für meien ersten Beitrag hier,
aber ich denke mal ihr sucht danach:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FVB%2ECBW&VSect=P

LG

Fred

16.04.2007, 20:12

Don Röschen

Member

Themenstarter

Beiträge: 16

#12 Danke! kann man sich auch erkenntlich zeigen ohne paypal?

Avast konnte nix finden

2 Fragen noch...

Wie muss ich jetzt mit meiner externen Festplatte umgehen da der Virus noch darauf ist aber sobald ich die an den PC anschließe der Virus "rüberspringt" ?

Meine Laufwerke (C:/D:/E

starten beim Doppelklick im Autoplay. Heißt ich komm nur ins Laufwerk mit Rechtsklick und "öffnen". Wie kann ich das ändern ?

THX

16.04.2007, 20:15

Sabina

Ehrenmitglied

Beiträge: 29434

#13 dieser fehler mit dem Auoplay ist mir bekannt - (anderer User) - keine Ahnung, was/wo/wie man das in der registry umstellen kann

scanne alle Festplatten mit sophos durch - wie es ausschaut, findet/loescht er den Virus.
__________
MfG Sabina

rund um die PC-Sicherheit

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1