Popups from DriveCleaner, Winantivirus 2006, Sicherheitscenter, Search the Web un

09.04.2007, 15:06
...new here

Posts: 6

Hello!
After I had started an infected installer, the computer shut down after about 2 minutes with the message that the system is being shut down
and that I have 60 s to save everything. After I started in Safe Mode and immediately stopped the process "Userinit" via Task Manager,
the computer stayed on. I ran Ewido, CounterSpy, Spybot, BitDefender and Symantec AntiVirus several times and deleted everything that could be found.

Now I only have the error left that I have already read about from many others. I use Firefox. As soon as the browser is started, various popups keep opening.
Sometimes from "DriveCleaner" with a redirect to the "Sicherheits Forum", or from WinAntiVirus 2006, or simply some advertising windows. Often the first one is also the
page "Broadcaster.com" or something else.
I have also already checked all the listings and startup files, but with my layman's knowledge I simply can't get any further.

I hope you can help me!

_________________________________________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 14:38:54, on 09.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\Logitech\G-series Software\LGDCore.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\The Cleaner\tca.exe
C:\Programme\The Cleaner\tcm.exe
C:\Programme\Softwin\BitDefender8\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AHQInit] C:\Programme\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Programme\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programme\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

__________________________________________________________________________________________________________________________________________
"Hanke" - 07-04-09 14:46:33 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Dokumente und Einstellungen\Hanke\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\regedit.com


((((((((((((((((((((((((((((((( Files Created from 2007-03-09 to 2007-04-09 ))))))))))))))))))))))))))))))))))


2007-04-09 14:32 <DIR> d-------- C:\Temp\tn3
2007-04-09 13:49 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-04-08 21:30 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-04-08 21:30 163,856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-04-08 21:30 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-04-08 20:56 153,600 --a------ C:\WINDOWS\R.COM
2007-04-08 20:56 140,800 --a------ C:\WINDOWS\system32\T.COM
2007-04-08 20:56 <DIR> d-------- C:\bases

2007-04-08 20:26 <DIR> d-------- C:\avenger
2007-04-08 20:10 287 --a------ C:\startmwav.bat
2007-04-08 19:47 130,048 --a------ C:\avenger.exe
2007-04-08 17:51 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-08 17:45 <DIR> d-------- C:\Programme\The Cleaner
2007-04-08 17:43 <DIR> d-------- C:\Programme\RogueRemover
2007-04-08 16:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-08 14:57 <DIR> d--h----- C:\WINDOWS\Icons
2007-04-08 14:24 2,472 --a------ C:\clean.bat
2007-04-08 14:21 <DIR> d-------- C:\Programme\ETRemover
2007-04-08 13:32 <DIR> d-------- C:\Programme\L2MRemover
2007-04-08 12:03 14,776,424 --a------ C:\mwav.exe
2007-04-07 22:33 72,320 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-04-07 22:11 <DIR> d-------- C:\Programme\Ultra Video Splitter
2007-04-06 23:11 <DIR> d-------- C:\Programme\Pcsx2
2007-04-06 22:07 <DIR> d-------- C:\Programme\SuperFlexible
2007-04-06 21:50 <DIR> d-------- C:\Programme\Driver-Soft
2007-04-06 21:39 <DIR> d-------- C:\Programme\Fälscherwerkstatt2
2007-04-06 20:18 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-04-06 20:13 2,322,432 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-04-06 20:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2006
2007-04-06 20:03 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\TuneUp Software
2007-04-06 20:02 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-04-06 19:27 <DIR> d-------- C:\wifitemp
2007-04-06 19:27 <DIR> d-------- C:\Programme\WiFi Hopper
2007-04-06 17:58 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\WinRAR
2007-04-01 16:09 <DIR> d-------- C:\Programme\Arcor Fotoservice
2007-03-31 23:12 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-03-31 23:12 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-03-31 23:12 <DIR> d-------- C:\Programme\eRightSoft
2007-03-31 22:21 <DIR> d-------- C:\Programme\AviSynth 2.5
2007-03-31 19:43 2,321,280 --a------ C:\WINDOWS\system32\kernel1.exe
2007-03-31 19:05 <DIR> d-------- C:\WINDOWS\Wallpapers
2007-03-25 09:34 <DIR> d-------- C:\Programme\Motorola
2007-03-22 07:47 <DIR> d-------- C:\Programme\TomTom Media Center
2007-03-20 21:50 <DIR> d-------- C:\Programme\FireTrust
2007-03-20 21:50 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\MailWasherPro
2007-03-18 15:43 58 --ah----- C:\WINDOWS\system32\SWCTL.DLL
2007-03-18 15:43 <DIR> d-------- C:\WINDOWS\system32\tmr
2007-03-18 15:43 <DIR> d-------- C:\WINDOWS\system32\bin
2007-03-18 15:43 <DIR> d-------- C:\Programme\Kisi
2007-03-17 18:33 532,480 --a------ C:\WINDOWS\system32\Audi R8 Screensaver.scr
2007-03-17 18:33 <DIR> d-------- C:\WINDOWS\system32\Audi R8 Screensaver dir
2007-03-16 00:42 77,000 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-03-11 21:25 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-03-11 16:19 <DIR> d-------- C:\Programme\OO Software
2007-03-10 21:22 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Trymedia
2007-03-10 20:14 <DIR> d-------- C:\Programme\DVD Shrink
2007-03-10 16:47 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SlySoft
2007-03-10 15:47 <DIR> d-------- C:\Programme\RegCleaner
2007-03-10 01:15 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Nero


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-09 13:39 -------- d-------- C:\Programme\symantec antivirus
2007-04-08 18:02 0 --a------ C:\CONFIG.SYS
2007-04-08 18:02 0 --------- C:\AUTOEXEC.BAT
2007-04-07 23:19 -------- d-------- C:\Programme\enditall
2007-04-07 22:18 -------- d-------- C:\Programme\isobuster
2007-04-07 20:10 -------- d-------- C:\Programme\emule
2007-04-06 22:02 -------- d-------- C:\Programme\yahoo!
2007-04-06 20:02 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2007-04-06 17:16 -------- d-------- C:\Programme\tvgenial
2007-04-06 15:03 76014 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-06 15:03 418970 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-31 21:45 -------- d-------- C:\Programme\slysoft
2007-03-25 09:34 -------- d-------- C:\Programme\common files
2007-03-18 20:50 -------- d-------- C:\Programme\fp.leecher
2007-03-17 13:21 -------- d-------- C:\Programme\auction sentry deluxe
2007-03-12 22:49 2828 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-03-11 11:30 133 ---hs---- C:\DOKUME~1\Hanke\ANWEND~1\.zreglib
2007-03-10 19:02 -------- d-------- C:\DOKUME~1\Hanke\ANWEND~1\ripit4me
2007-03-10 18:03 -------- d-------- C:\Programme\ripit4me
2007-03-10 15:39 -------- d-------- C:\Programme\curerom
2007-03-10 15:29 -------- d--h----- C:\Programme\installshield installation information
2007-03-10 14:21 -------- d-------- C:\Programme\music_manager
2007-03-10 14:21 -------- d-------- C:\Programme\magiciso
2007-03-10 14:21 -------- d-------- C:\Programme\hide ip platinum
2007-03-10 14:21 -------- d-------- C:\Programme\Gemeinsame Dateien\symantec shared
2007-03-10 14:21 -------- d-------- C:\Programme\dap
2007-03-09 22:30 -------- d-------- C:\Programme\microsoft activesync
2007-03-09 22:23 -------- d-------- C:\Programme\gamesload spiele
2007-03-08 19:34 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-03-08 19:34 -------- dr-h----- C:\DOKUME~1\Hanke\ANWEND~1\securom
2007-03-08 19:08 -------- d-------- C:\Programme\d-tools
2007-03-08 18:22 -------- d-------- C:\Programme\daemon tools
2007-03-08 18:01 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 19:49 -------- d-------- C:\Programme\sft loader
2007-03-04 20:03 -------- d-------- C:\DOKUME~1\Hanke\ANWEND~1\sprite software
2007-03-04 12:47 -------- d-------- C:\Programme\java
2007-03-03 13:12 -------- d-------- C:\Programme\microsoft works
2007-03-03 13:11 -------- d-------- C:\Programme\msbuild
2007-03-01 21:06 -------- d-------- C:\Programme\siber systems
2007-03-01 01:05 86016 --a------ C:\WINDOWS\system32\elbycdio.dll
2007-02-28 22:56 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-02-16 02:56 11984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2007-02-10 23:56 -------- d-------- C:\Programme\poweriso
2007-02-05 21:05 606848 --a------ C:\WINDOWS\flashax.exe
2007-02-05 21:05 12288 --a------ C:\WINDOWS\impborl.dll
2007-01-12 23:47 707344 --a------ C:\WINDOWS\system32\oodag.exe
2007-01-12 23:39 121616 --a------ C:\WINDOWS\system32\oodbs.exe
2007-01-12 23:21 667936 --a------ C:\WINDOWS\system32\wodhttp.dll
2007-01-12 23:21 17168 --a------ C:\WINDOWS\system32\oodagrs.dll
2007-01-12 23:21 17168 --a------ C:\WINDOWS\system32\oodagmg.dll
2007-01-12 23:21 11536 --a------ C:\WINDOWS\system32\oodbsrs.dll
2007-01-12 19:52 16656 --a------ C:\WINDOWS\system32\ootmapi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"CCleaner"="\"C:\\Programme\\CCleaner\\CCleaner.exe\" /AUTO"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\Wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AHQInit"="C:\\Programme\\Creative\\SBLive\\Program\\AHQInit.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"Launch LGDCore"="\"C:\\Programme\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"!AVG Anti-Spyware"="\"C:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"tcactive"="C:\\Programme\\The Cleaner\\tca.exe"
"tcmonitor"="C:\\Programme\\The Cleaner\\tcm.exe"
"BDMCon"="\"C:\\Programme\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Programme\\Softwin\\BitDefender8\\bdnagent.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"GrooveMonitor"="\"C:\\Programme\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SSBkgdUpdate"="C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe -Embedding -boot"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"Launch LCDMon"="\"C:\\Programme\\Logitech\\G-series Software\\LCDMon.exe\""
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoRun"=dword:00000000
"NoFind"=dword:00000000
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000
"LWS"=dword:00000000
"LWT"=dword:00000000
"LWU"=dword:00000000
"LWV"=dword:00000000
"LWW"=dword:00000000
"LWX"=dword:00000000
"LWY"=dword:00000000
"LWZ"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PAVPRSRV
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SHLDDRV


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\{3242CA89-4672-4A7E-BECB-FFA9FDE3255C}_DELL_Hanke.job
C:\WINDOWS\tasks\{C6C24FA5-3561-4C14-9AA4-D7B381E2996D}_DELL_Hanke.job
C:\WINDOWS\tasks\{D8A061BE-740D-4418-B9B3-B734B6A0B9C2}_DELL_Hanke.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-09 14:54:14
C:\ComboFix-quarantined-files.txt ... 07-04-09 14:54
C:\ComboFix2.txt ... 07-04-08 19:31
C:\ComboFix3.txt ... 07-04-08 15:58


_________________________________________________________________________________________________________________________________________


C:\ComboFix-quarantined-files.txt



04-08-04 01:58      140800    --a------    C:\Qoobox\Quarantine\WINDOWS\system32\TASKMGR.COM.vir 
04-08-04 01:58      153600    --a------    C:\Qoobox\Quarantine\WINDOWS\REGEDIT.COM.vir


Folder PATH listing for volume WinXP
Volume serial number is 2C44-6A19
C:\QOOBOX
\---Quarantine
    +---Registry_backups
    \---WINDOWS
        |   REGEDIT.COM.vir
        |  
        \---system32
                TASKMGR.COM.vir
                
___________________________________________________________________________________________________________________________________________

Volume in drive C is WinXP
Volume Serial Number is 2C44-6A19

Directory of C:\WINDOWS\system32

09.04.2007 14:31 2.148 wpa.dbl
09.04.2007 13:49 2.957 x_dtrace_log
09.04.2007 13:49 14 getfile.dat
09.04.2007 13:35 15.714 OODBS.lor
06.04.2007 20:13 2.322.432 TUKernel.exe
06.04.2007 15:03 403.968 perfh009.dat
06.04.2007 15:03 63.188 perfc009.dat
06.04.2007 15:03 418.970 perfh007.dat
06.04.2007 15:03 76.014 perfc007.dat
06.04.2007 15:03 974.848 PerfStringBackup.INI
04.04.2007 06:58 301.232 FNTCACHE.DAT
31.03.2007 19:43 2.321.280 kernel1.exe
31.03.2007 19:43 2.321.280 KERNEL.TMP
18.03.2007 15:52 58 SWCTL.DLL
17.03.2007 18:49 14.622 muzika.xm
17.03.2007 18:33 532.480 Audi R8 Screensaver.scr
15.03.2007 18:19 1.476.992 LegitCheckControl.dll
15.03.2007 18:17 337.280 WgaTray.exe
15.03.2007 18:16 236.928 WgaLogon.dll
12.03.2007 22:49 2.828 KGyGaAvL.sys
08.03.2007 19:34 108.144 CmdLineExt.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:32 1.843.712 win32k.sys
07.03.2007 22:36 12.619.736 MRT.exe
04.03.2007 12:47 9.857 jupdate-1.5.0_11-b03.log
01.03.2007 01:05 86.016 ElbyCDIO.dll
21.02.2007 12:47 31.232 msfDX.dll
18.02.2007 12:20 226.678 TZLog.log
29.01.2007 10:58 60.416 tzchange.exe
25.01.2007 14:52 617.472 urlmon.dll
23.01.2007 21:30 546.304 hhctrl.ocx
12.01.2007 23:47 707.344 oodag.exe
12.01.2007 23:39 121.616 oodbs.exe
12.01.2007 23:21 11.536 oodbsrs.dll
12.01.2007 23:21 704.800 wodHttp.ocx
12.01.2007 23:21 17.168 oodagrs.dll
12.01.2007 23:21 667.936 wodHttp.dll
12.01.2007 23:21 17.168 oodagmg.dll
12.01.2007 19:52 16.656 ootmapi.dll
11.01.2007 21:38 16.832 amcompat.tlb
11.01.2007 21:38 23.392 nscompat.tlb
05.01.2007 22:03 9.132 jupdate-1.5.0_10-b03.log
04.01.2007 15:41 664.576 wininet.dll
04.01.2007 15:41 474.624 shlwapi.dll
04.01.2007 15:41 1.494.528 shdocvw.dll
04.01.2007 15:41 39.424 pngfilt.dll
04.01.2007 15:41 532.480 mstime.dll
04.01.2007 15:40 146.432 msrating.dll
04.01.2007 15:40 448.512 mshtmled.dll
04.01.2007 15:40 3.077.632 mshtml.dll
04.01.2007 15:40 16.384 jsproxy.dll
04.01.2007 15:40 96.768 inseng.dll
04.01.2007 15:40 251.392 iepeers.dll
04.01.2007 15:40 1.056.256 danim.dll
04.01.2007 15:40 205.312 dxtrans.dll
04.01.2007 15:40 357.888 dxtmsft.dll
04.01.2007 15:40 55.808 extmgr.dll
04.01.2007 15:40 152.064 cdfview.dll
04.01.2007 15:40 1.023.488 browseui.dll
04.01.2007 13:52 123.392 xpsp3res.dll

2649 File(s) 531.629.232 bytes
0 Dir(s) 86.661.050.368 bytes free
__________________________________________________________________________________________________________________________


Volume in drive C is WinXP
Volume Serial Number is 2C44-6A19

Directory of C:\DOKUME~1\Hanke\LOKALE~1\Temp

09.04.2007 14:33 286 WCESLog.log
09.04.2007 14:32 49.152 ~DFD4CF.tmp
2 File(s) 49.438 bytes
0 Dir(s) 86.661.050.368 bytes free
_____________________________________________________________________________________________________________________________

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS

29.01.2077 07:32 467 Faces.prf
09.04.2007 13:42 2.020 win.ini
09.04.2007 13:39 0 0.log
09.04.2007 13:37 159 wiadebug.log
09.04.2007 13:36 50 wiaservc.log
09.04.2007 13:35 2.048 bootstat.dat
09.04.2007 13:34 23.819 WindowsUpdate.log
08.04.2007 20:43 1.180.354 ntbtlog.txt
08.04.2007 19:42 13.855 setupapi.log
08.04.2007 14:51 0 Sti_Trace.log
08.04.2007 12:14 8.873.577 REGBK00.ZIP
06.04.2007 22:42 210 GSdx9 sse2.INI
06.04.2007 21:42 230 NeroDigital.ini
06.04.2007 11:10 54.156 QTFont.qfn
31.03.2007 18:52 3.932.214 ACD Hintergrund.bmp
17.03.2007 23:57 1.409 QTFont.for
15.03.2007 23:34 1.374 imsins.BAK
14.03.2007 20:45 9.292 super.chm
12.03.2007 20:38 45.530 FontData.fdb
10.03.2007 14:47 32.614 SchedLgU.Txt
05.02.2007 21:05 606.848 flashax.exe
05.02.2007 21:05 12.288 impborl.dll
24.01.2007 23:33 35 A6W.INI
24.01.2007 23:32 30.598 Run32A60.mch
24.01.2007 23:32 1.548 ODBC.INI
05.01.2007 22:27 2.462 system.ini
05.01.2007 22:01 3.763 mozver.dat

204 Datei(en) 56.132.906 Bytes
0 Verzeichnis(se), 86.661.033.984 Bytes frei
__________________________________________________________________________________________________________________________

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\temp

09.04.2007 14:32 409 WGANotify.settings
09.04.2007 14:31 255 WGAErrLog.txt
2 Datei(en) 664 Bytes
0 Verzeichnis(se), 86.661.038.080 Bytes frei
_______________________________________________________________________________________________________________________


Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\Downloaded Program Files

11.12.2006 17:44 367 LegitCheckControl.inf
22.01.2005 16:37 65 desktop.ini
20.01.2000 16:25 1.162 Microsoft XML Parser for Java.osd
3 Datei(en) 1.594 Bytes
0 Verzeichnis(se), 86.661.033.984 Bytes frei
_____________________________________________________________________________________________________________________________________


Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\

09.04.2007 14:43 0 sys.txt
09.04.2007 14:43 418 down.txt
09.04.2007 14:42 326 tmp.txt
09.04.2007 14:41 10.575 system.txt
09.04.2007 14:41 333 systemtemp.txt
09.04.2007 14:40 129.839 system32.txt
09.04.2007 13:27 582 found.txt
09.04.2007 08:45 0 23990098.$$$
08.04.2007 20:24 2.490 avenger.txt
08.04.2007 19:31 16.368 ComboFix.txt
08.04.2007 19:31 144 ComboFix-quarantined-files.txt
08.04.2007 18:02 0 AUTOEXEC.BAT
08.04.2007 18:02 0 CONFIG.SYS
08.04.2007 15:58 18.275 ComboFix2.txt
08.04.2007 14:24 2.472 clean.bat
08.04.2007 12:05 14.776.424 mwav.exe
06.04.2007 20:13 389 boot.ini
10.03.2007 20:57 43 MENU.CFG

28 Datei(en) 15.368.801 Bytes
0 Verzeichnis(se), 86.661.029.888 Bytes frei
_________________________________________________________________________________________________________________________
11.04.2007, 14:56
Honorary member

Posts: 29434
#2 Juergen1511

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick the box)
copy into: View/edit script

Quote

Files to delete:
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll

Folders to delete:
C:\bases
Click the green traffic light
the script will now be executed, then the PC will restart automatically

»»
scan with Bitdefender/Online and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
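The file names in the Avenger script above were picked out of the HijackThis log posted earlier in the thread. As an added example that is not part of Sabina's post, HijackThis or Avenger, here is a small Python triage helper that applies the same kind of checks to HijackThis-style lines: entries whose target is missing, services with an unknown owner, programs started from temp or profile directories, and file names that imitate Windows system binaries (rundll16.exe and rundl132.dll against rundll32.exe). The sample lines are constructed: four are copied from this thread's log and the last two are made up to show a positive hit.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread, not code from the forum post, HijackThis or
Avenger. It flags the entry types a helper reviews before writing a deletion
script: orphaned entries "(file missing)", services with "Unknown owner",
programs launched from temp/profile directories, and file names that imitate
Windows system binaries (e.g. rundl132.dll posing as rundll32.exe).
"""
import re
from dataclasses import dataclass, field

# Legitimate Windows binaries whose names malware commonly imitates.
KNOWN_SYSTEM_NAMES = {
    "rundll32.exe", "svchost.exe", "explorer.exe", "lsass.exe",
    "winlogon.exe", "ctfmon.exe", "services.exe", "userinit.exe",
}

# Directory fragments (lower-case) that legitimate autostarts rarely use.
# German XP short names (LOKALE~1, ANWEND~1) appear in this thread's logs.
SUSPICIOUS_DIRS = (
    "\\temp\\", "\\lokale~1\\", "\\local settings\\",
    "\\anwend~1\\", "\\anwendungsdaten\\", "\\application data\\",
)

# A drive-letter path ending in an executable-like extension; spaces allowed.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|com|sys|ocx))\b", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name: str):
    """Return the system binary that `name` imitates, or None.

    An exact match is legitimate; a different stem within edit distance 2 of a
    known stem (rundll16 -> rundll32, rundl132 -> rundll32) is suspicious.
    """
    low = name.lower()
    if low in KNOWN_SYSTEM_NAMES:
        return None
    stem = low.rsplit(".", 1)[0]
    for known in sorted(KNOWN_SYSTEM_NAMES):
        if levenshtein(stem, known.rsplit(".", 1)[0]) <= 2:
            return known
    return None


def triage(lines):
    """Return a Finding for every line that trips at least one heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if "(file missing)" in line:
            reasons.append("target file missing (orphaned entry)")
        if line.startswith("O23") and "Unknown owner" in line:
            reasons.append("service without vendor information")
        for path in PATH_RE.findall(line):
            if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                reasons.append(f"started from temp/profile directory: {path}")
            name = path.rsplit("\\", 1)[-1]
            imitated = lookalike(name)
            if imitated:
                reasons.append(f"{name} imitates {imitated}")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: the first four lines are taken from the HijackThis log in
# this thread, the last two are made up to show what a positive hit looks like.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O4 - HKCU\..\Run: [Cleanup] C:\DOKUME~1\Hanke\LOKALE~1\Temp\Adobelm_Cleanup.exe
O4 - HKLM\..\Run: [rundll16] C:\WINDOWS\rundll16.exe C:\WINDOWS\rundl132.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```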
12.04.2007, 19:11
...new here

Thread starter

Posts: 6
#3 Hello Sabina,
unfortunately I couldn't get to it any earlier.
I deleted the files and directories with Avenger and then ran BitDefender in normal mode. When Explorer started, the Broadcaster window opened again right away. The scanner then didn't find anything, though.


BitDefender Online Scanner - Real Time Virus Report
Generated at: Thu, Apr 12, 2007 - 18:59:15
Scan Info
Scanned Files
896565
Infected Files
0
Virus Detected
No virus found.


This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

I have also added a current ComboScan

ComboScan v20070306.20 run by Hanke on 2007-04-12 at 19:06:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Hanke.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:06:27, on 12.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Logitech\G-series Software\LGDCore.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOKUME~1\Hanke\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOKUME~1\Hanke\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Hanke\Desktop\Virus 08.04.07\comboscan.exe
C:\HJT\Hanke.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AHQInit] C:\Programme\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Programme\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe


-- Files created between 2007-03-12 and 2007-04-12 -----------------------------

2007-04-11 21:43:50 0 d-------- C:\WINDOWS\LastGood
2007-04-11 21:39:36 0 d-------- C:\avenger
2007-04-11 20:43:19 0 d-------- C:\Programme\Alwil Software<ALWILS~1>
2007-04-10 21:41:36 0 d-------- C:\SAV32CLI
2007-04-10 18:10:56 0 d-------- C:\WINDOWS\Prefetch
2007-04-09 22:08:51 0 d-------- C:\Programme\Anti Trojan Elite<ANTITR~1>
2007-04-09 21:24:29 0 d-------- C:\UBCD4Win
2007-04-09 16:54:10 14 --a------ C:\Dokumente und Einstellungen\Hanke\getfile.dat
2007-04-09 15:16:08 0 d-------- C:\Programme\ClearProg<CLEARP~1>
2007-04-09 13:49:25 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-04-09 13:41:14 0 d-------- C:\Programme\Gemeinsame Dateien\Softwin
2007-04-08 21:30:16 26752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-04-08 21:30:16 163856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-04-08 21:30:16 0 d-------- C:\Programme\Gemeinsame Dateien\Panda Software<PANDAS~1>
2007-04-08 20:10:24 287 --a------ C:\startmwav.bat<STARTM~1.BAT>
2007-04-08 19:47:50 130048 --a------ C:\avenger.exe
2007-04-08 17:51:22 0 d-------- C:\WINDOWS\BDOSCAN8
2007-04-08 17:45:50 0 d-------- C:\Programme\The Cleaner<THECLE~1>
2007-04-08 14:57:09 0 d--h----- C:\WINDOWS\Icons
2007-04-08 14:24:20 2472 --a------ C:\clean.bat
2007-04-08 14:21:49 0 d-------- C:\Programme\ETRemover<ETREMO~1>
2007-04-08 13:32:36 0 d-------- C:\Programme\L2MRemover<L2MREM~1>
2007-04-08 12:03:02 14776424 --a------ C:\mwav.exe
2007-04-07 22:33:09 72320 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-04-07 22:11:41 0 d-------- C:\Programme\Ultra Video Splitter<ULTRAV~1>



-- Find3M Report ---------------------------------------------------------------

2007-04-12 19:00:35 0 d-------- C:\Programme\Mozilla Firefox
2007-04-11 20:57:40 0 d-------- C:\Programme\IsoBuster<ISOBUS~1>
2007-04-11 20:44:00 0 d-------- C:\Dokumente und Einstellungen\Hanke\Anwendungsdaten\Azureus
2007-04-10 21:51:48 0 d-------- C:\Programme\CureROM
2007-04-09 23:05:29 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared<SYMANT~1>
2007-04-09 23:02:30 0 d-------- C:\Programme\Symantec
2007-04-09 17:23:09 419580 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-09 17:23:09 76624 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-09 17:07:26 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-04-09 13:41:14 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-04-08 18:02:58 0 --a------ C:\CONFIG.SYS
2007-04-08 18:02:58 0 -----n--- C:\AUTOEXEC.BAT
2007-04-07 23:19:41 0 d-------- C:\Programme\EndItAll




-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"CCleaner"="\"C:\\Programme\\CCleaner\\CCleaner.exe\" /AUTO"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\Wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AHQInit"="C:\\Programme\\Creative\\SBLive\\Program\\AHQInit.exe"
"Launch LGDCore"="\"C:\\Programme\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"Norman ZANDA"="C:\\VIRUSfighter\\Bin\\ZLH.EXE /LOAD /SPLASH"
"Anti Trojan Elite"="C:\\Programme\\Anti Trojan Elite\\TJEnder.exe :NO"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"GrooveMonitor"="\"C:\\Programme\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SSBkgdUpdate"="C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe -Embedding -boot"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"Launch LCDMon"="\"C:\\Programme\\Logitech\\G-series Software\\LCDMon.exe\""
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000
"LWS"=dword:00000000
"LWT"=dword:00000000
"LWU"=dword:00000000
"LWV"=dword:00000000
"LWW"=dword:00000000
"LWX"=dword:00000000
"LWY"=dword:00000000
"LWZ"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



-- End of ComboScan: finished at 2007-04-12 at 19:07:19 ------------------------



Here are the file listings again

----- Root -----------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\

12.04.2007 19:15 1.774 sys.txt
12.04.2007 19:15 900 down.txt
12.04.2007 19:15 568 tmp.txt
12.04.2007 19:14 1.989 system.txt
12.04.2007 19:13 3.305 systemtemp.txt
12.04.2007 19:13 721 system32.txt
11.04.2007 21:37 2.147.483.648 pagefile.sys
11.04.2007 21:36 2.054 avenger.txt
10.04.2007 18:05 278 rapport_clean.txt
09.04.2007 23:07 194.315 nonav.log
09.04.2007 20:37 468 errorlog.txt
09.04.2007 14:54 16.709 ComboFix.txt
09.04.2007 14:54 466 ComboFix-quarantined-files.txt
09.04.2007 13:27 582 found.txt
09.04.2007 08:45 0 23990098.$$$
08.04.2007 19:31 16.368 ComboFix2.txt
08.04.2007 18:02 0 CONFIG.SYS
08.04.2007 18:02 0 AUTOEXEC.BAT
08.04.2007 15:58 18.275 ComboFix3.txt
08.04.2007 14:24 2.472 clean.bat
08.04.2007 12:05 14.776.424 mwav.exe
06.04.2007 20:13 389 boot.ini
32 Datei(en) 2.162.927.479 Bytes
0 Verzeichnis(se), 82.469.138.432 Bytes frei

----- System32 -------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\system32

11.04.2007 21:39 2.148 wpa.dbl
11.04.2007 21:36 21.243 OODBS.lor
11.04.2007 21:28 2.953 CONFIG.NT
09.04.2007 17:23 404.578 perfh009.dat
09.04.2007 17:23 63.798 perfc009.dat
09.04.2007 17:23 419.580 perfh007.dat
09.04.2007 17:23 76.624 perfc007.dat
09.04.2007 17:23 975.946 PerfStringBackup.INI
09.04.2007 13:49 2.957 x_dtrace_log
09.04.2007 13:49 14 getfile.dat
06.04.2007 20:13 2.322.432 TUKernel.exe



2637 Datei(en) 527.974.464 Bytes
0 Verzeichnis(se), 82.469.011.456 Bytes frei

----- Prefetch -------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\Prefetch


----- Windows --------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS

29.01.2077 07:32 467 Faces.prf
12.04.2007 19:10 202.652 WindowsUpdate.log
11.04.2007 21:44 24.077 setupapi.log
11.04.2007 21:38 0 0.log
11.04.2007 21:38 159 wiadebug.log
11.04.2007 21:37 50 wiaservc.log
11.04.2007 21:37 2.048 bootstat.dat
11.04.2007 21:28 1.983 win.ini
11.04.2007 20:51 8.200 comsetup.log
11.04.2007 20:51 4.970 ntdtcsetup.log
11.04.2007 20:51 26.854 iis6.log
11.04.2007 20:51 1.374 imsins.log
11.04.2007 20:51 11.284 tsoc.log
11.04.2007 20:51 1.244 tabletoc.log
11.04.2007 20:51 1.368 ocmsn.log
11.04.2007 20:51 15.763 KB931784.log
11.04.2007 20:51 4.332 netfxocm.log
11.04.2007 20:51 11.664 ocgen.log
11.04.2007 20:51 1.700 MedCtrOC.log
11.04.2007 20:51 1.236 msgsocm.log
11.04.2007 20:51 24.730 FaxSetup.log
11.04.2007 20:51 7.582 msmqinst.log
11.04.2007 20:51 1.374 imsins.BAK
11.04.2007 20:51 13.976 KB931261.log
11.04.2007 20:51 1.883 updspapi.log
11.04.2007 20:51 13.456 KB930178.log
11.04.2007 20:51 13.377 KB932168.log
10.04.2007 18:06 1.807.814 ntbtlog.txt
10.04.2007 18:03 180 setupact.log
10.04.2007 18:02 0 setuperr.log
09.04.2007 20:38 98 lecaxjgo.txt
08.04.2007 14:51 0 Sti_Trace.log
08.04.2007 12:14 8.873.577 REGBK00.ZIP
06.04.2007 22:42 210 GSdx9 sse2.INI
06.04.2007 21:42 230 NeroDigital.ini
06.04.2007 11:10 54.156 QTFont.qfn
223 Datei(en) 56.848.868 Bytes
0 Verzeichnis(se), 82.468.995.072 Bytes frei

----- Tasks ----------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\tasks

11.04.2007 21:57 322 MP Scheduled Scan.job
06.04.2007 20:03 396 1-Klick-Wartung.job
10.03.2007 14:47 6 SA.DAT
26.02.2007 17:00 386 {D8A061BE-740D-4418-B9B3-B734B6A0B9C2}_DELL_Hanke.job
16.02.2007 17:00 386 {C6C24FA5-3561-4C14-9AA4-D7B381E2996D}_DELL_Hanke.job
16.02.2007 10:00 386 {3242CA89-4672-4A7E-BECB-FFA9FDE3255C}_DELL_Hanke.job
18.08.2001 14:00 65 desktop.ini
7 Datei(en) 1.947 Bytes
0 Verzeichnis(se), 82.468.995.072 Bytes frei

----- Wintemp --------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\temp

11.04.2007 21:57 2.388 MpCmdRun.log
11.04.2007 21:39 409 WGANotify.settings
11.04.2007 21:37 255 WGAErrLog.txt
11.04.2007 20:58 524.288 TMP00000041F945FEB601FB34AD
11.04.2007 20:58 524.288 TMP000000403760CF7B7F19B389
11.04.2007 20:46 16.384 Perflib_Perfdata_608.dat
6 Datei(en) 1.068.012 Bytes
0 Verzeichnis(se), 82.468.995.072 Bytes frei

----- Temp -----------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\DOKUME~1\Hanke\LOKALE~1\Temp

12.04.2007 19:16 144.275 filelist.txt
12.04.2007 18:45 711 xml6B.tmp
12.04.2007 18:45 711 xml6A.tmp
12.04.2007 18:45 711 xml69.tmp
12.04.2007 17:45 711 xml68.tmp
12.04.2007 17:45 711 xml67.tmp
12.04.2007 17:45 711 xml66.tmp
12.04.2007 16:45 711 xml65.tmp
12.04.2007 16:45 711 xml64.tmp
12.04.2007 16:45 711 xml63.tmp
12.04.2007 16:45 59.964 Adobelm_Cleanup.0001
12.04.2007 15:45 711 xml5E.tmp
12.04.2007 15:45 711 xml5D.tmp
12.04.2007 15:45 711 xml5C.tmp
12.04.2007 14:45 711 xml5B.tmp
12.04.2007 14:45 711 xml5A.tmp
12.04.2007 14:45 711 xml59.tmp
12.04.2007 13:45 711 xml58.tmp
12.04.2007 13:45 711 xml57.tmp
12.04.2007 13:45 711 xml56.tmp
12.04.2007 12:45 711 xml55.tmp
12.04.2007 12:45 711 xml54.tmp
12.04.2007 12:45 711 xml53.tmp
12.04.2007 11:45 711 xml52.tmp
12.04.2007 11:45 711 xml51.tmp
12.04.2007 11:45 711 xml50.tmp
12.04.2007 10:45 711 xml4F.tmp
12.04.2007 10:45 711 xml4E.tmp
12.04.2007 10:45 711 xml4D.tmp
12.04.2007 09:45 711 xml4C.tmp
12.04.2007 09:45 711 xml4B.tmp
12.04.2007 09:45 711 xml4A.tmp
12.04.2007 08:45 711 xml49.tmp
12.04.2007 08:45 711 xml48.tmp
12.04.2007 08:45 711 xml47.tmp
12.04.2007 07:45 711 xml46.tmp
12.04.2007 07:45 711 xml45.tmp
12.04.2007 07:45 711 xml44.tmp
12.04.2007 06:45 711 xml43.tmp
12.04.2007 06:45 711 xml42.tmp
12.04.2007 06:45 711 xml41.tmp
12.04.2007 04:47 711 xml40.tmp
12.04.2007 04:46 711 xml3F.tmp
12.04.2007 04:45 711 xml3E.tmp
12.04.2007 03:43 711 xml3D.tmp
12.04.2007 03:43 711 xml3C.tmp
12.04.2007 03:43 711 xml3B.tmp
12.04.2007 02:41 711 xml3A.tmp
12.04.2007 02:41 711 xml39.tmp
12.04.2007 02:41 711 xml38.tmp
12.04.2007 01:42 711 xml37.tmp
12.04.2007 01:42 711 xml36.tmp
12.04.2007 01:40 711 xml35.tmp
11.04.2007 23:40 711 xml34.tmp
11.04.2007 23:40 711 xml33.tmp
11.04.2007 23:40 711 xml32.tmp
11.04.2007 22:39 711 xml31.tmp
11.04.2007 22:39 711 xml30.tmp
11.04.2007 22:39 711 xml2F.tmp
11.04.2007 21:40 32.768 ~DF2CE.tmp
11.04.2007 21:39 711 xml5.tmp
11.04.2007 21:39 711 xml4.tmp
11.04.2007 21:39 711 xml3.tmp
11.04.2007 21:38 16.384 ~DFE9F2.tmp
11.04.2007 21:38 49.152 ~DFED96.tmp
11.04.2007 21:38 9.587 WCESLog.log
66 Datei(en) 354.790 Bytes
0 Verzeichnis(se), 82.468.990.976 Bytes frei

********************************************************

"Hanke" - 07-04-12 19:23:00 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Dokumente und Einstellungen\Hanke\Desktop\Virus 08.04.07"


((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))


2007-04-11 21:43 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-11 21:39 <DIR> d-------- C:\avenger
2007-04-11 20:43 <DIR> d-------- C:\Programme\Alwil Software
2007-04-10 21:41 <DIR> d-------- C:\SAV32CLI
2007-04-10 18:10 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-09 23:05 <DIR> d-------- C:\Temp\NoNav
2007-04-09 22:08 <DIR> d-------- C:\Programme\Anti Trojan Elite
2007-04-09 21:24 <DIR> d-------- C:\UBCD4Win
2007-04-09 16:54 14 --a------ C:\DOKUME~1\Hanke\getfile.dat
2007-04-09 15:23 <DIR> d-------- C:\Temp\tn3
2007-04-09 15:16 <DIR> d-------- C:\Programme\ClearProg
2007-04-09 13:49 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-04-08 21:30 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-04-08 21:30 163,856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-04-08 21:30 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2007-04-08 20:10 287 --a------ C:\startmwav.bat
2007-04-08 19:47 130,048 --a------ C:\avenger.exe
2007-04-08 17:51 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-08 17:45 <DIR> d-------- C:\Programme\The Cleaner
2007-04-08 14:57 <DIR> d--h----- C:\WINDOWS\Icons
2007-04-08 14:24 2,472 --a------ C:\clean.bat
2007-04-08 14:21 <DIR> d-------- C:\Programme\ETRemover
2007-04-08 13:32 <DIR> d-------- C:\Programme\L2MRemover
2007-04-08 12:03 14,776,424 --a------ C:\mwav.exe
2007-04-07 22:33 72,320 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-04-07 22:11 <DIR> d-------- C:\Programme\Ultra Video Splitter
2007-04-06 23:11 <DIR> d-------- C:\Programme\Pcsx2
2007-04-06 22:07 <DIR> d-------- C:\Programme\SuperFlexible
2007-04-06 21:50 <DIR> d-------- C:\Programme\Driver-Soft
2007-04-06 21:39 <DIR> d-------- C:\Programme\Fälscherwerkstatt2
2007-04-06 20:18 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-04-06 20:13 2,322,432 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-04-06 20:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2006
2007-04-06 20:03 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\TuneUp Software
2007-04-06 20:02 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-04-06 19:27 <DIR> d-------- C:\wifitemp
2007-04-06 19:27 <DIR> d-------- C:\Programme\WiFi Hopper
2007-04-06 17:58 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\WinRAR



(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-11 20:57 -------- d-------- C:\Programme\isobuster
2007-04-10 21:51 -------- d-------- C:\Programme\curerom
2007-04-09 23:05 -------- d-------- C:\Programme\Gemeinsame Dateien\symantec shared
2007-04-09 23:02 -------- d-------- C:\Programme\symantec
2007-04-09 17:23 76624 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-09 17:23 419580 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-09 17:07 -------- d--h----- C:\Programme\installshield installation information
2007-04-08 18:02 0 --a------ C:\CONFIG.SYS
2007-04-08 18:02 0 --------- C:\AUTOEXEC.BAT
2007-04-07 23:19 -------- d-------- C:\Programme\enditall
2007-04-07 20:10 -------- d-------- C:\Programme\emule
2007-04-06 22:02 -------- d-------- C:\Programme\yahoo!
2007-04-06 20:02 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2007-04-06 17:16 -------- d-------- C:\Programme\tvgenial



(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"ccleaner"="\"C:\\Programme\\CCleaner\\ccleaner.exe\" /AUTO"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\Wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AHQInit"="C:\\Programme\\Creative\\SBLive\\Program\\AHQInit.exe"
"Launch LGDCore"="\"C:\\Programme\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"Norman ZANDA"="C:\\VIRUSfighter\\Bin\\ZLH.EXE /LOAD /SPLASH"
"Anti Trojan Elite"="C:\\Programme\\Anti Trojan Elite\\TJEnder.exe :NO"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"GrooveMonitor"="\"C:\\Programme\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SSBkgdUpdate"="C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe -Embedding -boot"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"Launch LCDMon"="\"C:\\Programme\\Logitech\\G-series Software\\LCDMon.exe\""
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000
"LWS"=dword:00000000
"LWT"=dword:00000000
"LWU"=dword:00000000
"LWV"=dword:00000000
"LWW"=dword:00000000
"LWX"=dword:00000000
"LWY"=dword:00000000
"LWZ"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{3242CA89-4672-4A7E-BECB-FFA9FDE3255C}_DELL_Hanke.job
C:\WINDOWS\tasks\{C6C24FA5-3561-4C14-9AA4-D7B381E2996D}_DELL_Hanke.job
C:\WINDOWS\tasks\{D8A061BE-740D-4418-B9B3-B734B6A0B9C2}_DELL_Hanke.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-12 19:26:57
C:\ComboFix-quarantined-files.txt ... 07-04-12 19:26
C:\ComboFix2.txt ... 07-04-09 14:54
C:\ComboFix3.txt ... 07-04-08 19:31
*******************************************************
Thanks for your efforts
Regards, Jürgen
This post was edited on 12.04.2007 at 19:41 by Juergen1511.
12.04.2007, 19:52
Honorary member
Sabina

Posts: 29434
#4

Quote

When I started Explorer, the window with the Broadcaster opened up again
please explain that to me in more detail - I don't understand what you mean
__________
Regards, Sabina

all about PC security
12.04.2007, 20:11
...new here

Thread starter

Posts: 6
#5 I started Explorer to start BitDefender online. And whenever I open Explorer or Firefox, shortly afterwards another window opens with the site Broadcaster.com, and later also WinAntiVirus or DriveCleaner or other ad banners

A few more URLs that open:
b.casalemedia.com
searchportal.information.com
pcsecurityshield.com
adversing.cpxinteractive.com
This post was edited on 12.04.2007 at 20:28 by Juergen1511.
12.04.2007, 22:31
Honorary member
Sabina

Posts: 29434
#6 Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop with 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Dokumente und Einstellungen\All Users\Desktop" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Desktop" >>files.txt
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\Windows\system32\config" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temporary Internet Files\Content.IE5" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Windows\tasks" >>files.txt
notepad files.txt

__________
Regards, Sabina

all about PC security
13.04.2007, 07:06
...new here

Thread starter

Posts: 6
#7 Good morning Sabina,
here are the listings...
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Desktop

12.04.2007 21:23 <DIR> .
12.04.2007 21:23 <DIR> ..
12.04.2007 21:23 608 NOD32 Scanner.lnk
1 Datei(en) 608 Bytes
2 Verzeichnis(se), 82.981.531.648 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Desktop

13.04.2007 07:01 <DIR> .
13.04.2007 07:01 <DIR> ..
09.04.2007 21:10 445 (D) an Maxi.lnk
09.04.2007 19:47 58.880 Antisasser-EN.exe
08.04.2007 15:05 104 Arbeitsplatz.lnk
25.02.2006 23:28 130.048 avenger.exe
10.04.2007 17:45 <DIR> clean
09.04.2007 18:49 673 cleaner.exe.lnk
09.04.2007 15:16 671 ClearProg.lnk
08.04.2007 15:02 281 DATEN1 (F).lnk
08.04.2007 15:02 281 DATEN2 (G).lnk
04.04.2007 18:05 <DIR> Diverse Dokumente
31.03.2007 18:45 <DIR> Diverse Programme
07.04.2007 16:53 <DIR> Diverse Websites
08.04.2007 15:08 578 Eigene Bilder.lnk
10.04.2007 21:00 303 Eigene Dokumente.lnk
08.04.2007 15:07 520 Eigene Musik (F).lnk
08.04.2007 15:07 365 Eigene Musik (G).lnk
12.04.2007 20:28 103 Isass.exe.txt
08.04.2007 15:09 208 Kfz.lnk
31.03.2007 21:58 <DIR> Kopierprogramme
13.04.2007 07:01 1.133 listen.bat
10.03.2007 20:26 <DIR> Medienprogramme
08.04.2007 15:08 619 My Completed Downloads.lnk
12.04.2007 19:22 <DIR> neue Downloads
09.04.2007 22:48 <DIR> NoNav
11.04.2007 21:35 66 Online Virenscanner.URL
12.04.2007 20:19 61 Popups von DriveCleaner.URL
09.04.2007 15:29 95 Protecus.URL
14.04.2004 13:28 <DIR> SAVCORP_90
31.03.2007 18:47 <DIR> Sonstiges
11.03.2007 22:10 <DIR> Spiele
08.04.2007 16:17 <DIR> Systemprogramme
08.04.2007 15:03 124 Systemsteuerung.lnk
08.04.2007 15:09 692 Torrents.lnk
09.04.2007 19:33 610 UnHookExec.inf
12.04.2007 21:06 217.692 Upgrade Advisor-Taskliste.mht
12.04.2007 22:08 <DIR> Virus 08.04.07
12.04.2007 20:57 1.961 Windows Vista Upgrade Advisor.lnk
09.04.2007 19:50 2.715.928 WindowsXP-KB835732-x86-DEU.EXE
12.04.2007 21:43 <DIR> WinPFind
08.04.2007 15:02 298 WinXP (C).lnk
08.04.2007 15:09 581 Word Dokumente.lnk
27 Datei(en) 3.133.320 Bytes
16 Verzeichnis(se), 82.981.527.552 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Windows\System32\Com

21.10.2005 03:02 <DIR> .
21.10.2005 03:02 <DIR> ..
26.07.2005 06:39 195.072 comadmin.dll
18.08.2001 14:00 61.440 comempty.dat
18.08.2001 14:00 77.348 comexp.msc
04.08.2004 01:57 9.728 comrepl.exe
18.08.2001 14:00 5.120 comrereg.exe
18.08.2001 14:00 19.456 mtsadmin.tlb
6 Datei(en) 368.164 Bytes
2 Verzeichnis(se), 82.981.527.552 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Windows\system32\config

11.04.2007 21:19 <DIR> .
11.04.2007 21:19 <DIR> ..
05.04.2007 21:04 524.288 ACEEvent.evt
11.04.2007 20:44 65.536 Antiviru.evt
11.04.2007 21:29 65.536 Antivirus.Evt
12.04.2007 22:19 524.288 AppEvent.Evt
12.04.2007 22:19 524.288 default
22.01.2005 17:26 94.208 default.sav
01.06.2006 12:27 65.536 Internet.evt
08.04.2007 14:49 65.536 ODiag.evt
12.04.2007 22:19 131.072 OSession.evt
14.11.2006 08:07 <DIR> RCCBakup
12.04.2007 22:19 262.144 SAM
22.01.2005 16:27 65.536 SecEvent.Evt
12.04.2007 22:19 262.144 SECURITY
12.04.2007 22:19 45.350.912 software
22.01.2005 17:26 634.880 software.sav
12.04.2007 22:19 524.288 SysEvent.Evt
12.04.2007 22:20 6.553.600 system
22.01.2005 17:26 397.312 system.sav
10.04.2007 18:10 <DIR> systemprofile
22.01.2005 17:26 262.144 userdiff
18 Datei(en) 56.373.248 Bytes
4 Verzeichnis(se), 82.981.523.456 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\system32

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\Downloaded Program Files

07.12.2004 16:07 32 bdcore.dll
01.03.2005 14:08 118.784 bdupd.dll
11.07.2006 09:41 345.656 ewidoOnlineScan.dll
01.03.2005 14:08 53.248 ipsupd.dll
08.08.2006 11:45 576 kavwebscan.inf
09.03.2005 15:42 6.742 lang.ini
11.12.2006 17:44 367 LegitCheckControl.inf
07.12.2004 16:07 32 libfn.dll
18.02.2005 16:22 126 live.ini
20.01.2000 16:25 1.162 Microsoft XML Parser for Java.osd
01.06.2006 02:57 1.331 oscan8.inf
01.06.2006 02:54 471.040 oscan8.ocx
31.05.2006 04:15 10 oscan81.ocx_x
09.03.2005 15:43 6.828 scanoptions.tsi
14 Datei(en) 1.005.934 Bytes
0 Verzeichnis(se), 82.981.523.456 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Programme\Common Files

25.03.2007 09:34 <DIR> .
25.03.2007 09:34 <DIR> ..
11.04.2005 17:22 <DIR> Microsoft Shared
25.03.2007 09:34 <DIR> Motorola Shared
0 Datei(en) 0 Bytes
4 Verzeichnis(se), 82.981.523.456 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke

12.04.2007 22:07 <DIR> .
12.04.2007 22:07 <DIR> ..
01.11.2005 12:54 35 .antileechdir
17.02.2007 21:20 3.863 .jmf-resource
11.04.2007 12:29 0 00B735D8_kds.xml
23.10.2006 20:41 7.195 1161629371-oem0.inf
23.10.2006 20:42 14.310 1161629371-oem0.PNF
23.10.2006 20:41 5.877 1161629371-oem1.inf
23.10.2006 20:42 12.836 1161629371-oem1.PNF
23.10.2006 20:41 5.891 1161629371-oem2.inf
23.10.2006 20:42 12.562 1161629371-oem2.PNF
23.10.2006 20:49 7.195 1161630562-oem0.inf
23.10.2006 20:49 14.310 1161630562-oem0.PNF
23.10.2006 20:49 5.877 1161630563-oem1.inf
23.10.2006 20:49 12.836 1161630563-oem1.PNF
23.10.2006 20:49 5.891 1161630564-oem2.inf
23.10.2006 20:49 12.562 1161630564-oem2.PNF
23.10.2006 21:09 7.195 1161632373-oem0.inf
23.10.2006 21:09 14.310 1161632373-oem0.PNF
23.10.2006 21:09 5.877 1161632373-oem1.inf
23.10.2006 21:09 12.836 1161632373-oem1.PNF
23.10.2006 21:09 5.891 1161632374-oem2.inf
23.10.2006 21:09 12.562 1161632374-oem2.PNF
08.04.2007 12:18 <DIR> Anwendungsdaten
12.02.2005 18:27 <DIR> Application Data
06.04.2007 15:52 189 default.pls
13.04.2007 07:01 <DIR> Desktop
09.11.2006 20:30 3 dxva_sig.txt
25.10.2005 20:44 <DIR> Eigene Dateien
21.04.2006 18:37 <DIR> Favoriten
11.04.2007 18:31 14 getfile.dat
20.10.2006 13:37 <DIR> harmony
01.11.2005 19:23 10.311 jap.conf
22.10.2002 06:57 1.334 License.lic
20.10.2006 13:52 <DIR> Logitech
25.03.2005 14:46 100 LuResult.txt
23.10.2006 21:39 97.829 Motorola_Driver_Log.txt
07.01.2006 13:22 <DIR> out
06.04.2007 17:56 <DIR> Startmenü
23.10.2006 21:39 7.195 USBMOT2000.INF
23.10.2006 21:39 5.891 USBMOT2000XP.INF
23.10.2006 21:39 22.768 usbsermpt.sys
23.10.2006 21:39 24.192 usbsermptxp.sys
23.10.2006 21:39 5.877 USB_CMCS_2000.INF
25.01.2005 22:40 <DIR> WINDOWS
11.04.2007 18:31 3.137 x_dtrace_log
34 Datei(en) 358.751 Bytes
12 Verzeichnis(se), 82.981.519.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Lokale Einstellungen\Temporary Internet Files\Content.IE5

13.04.2007 06:58 114.688 index.dat
1 Datei(en) 114.688 Bytes
0 Verzeichnis(se), 82.981.519.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Lokale Einstellungen\Temp

13.04.2007 06:57 <DIR> .
13.04.2007 06:57 <DIR> ..
13.04.2007 05:52 <DIR> ewido_quarantine
12.04.2007 22:35 <DIR> ewido_signatures
13.04.2007 06:57 <DIR> KAV Updater update files
12.04.2007 22:07 49.152 ~DF24B.tmp
1 Datei(en) 49.152 Bytes
5 Verzeichnis(se), 82.981.519.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\Temp

12.04.2007 22:40 <DIR> .
12.04.2007 22:40 <DIR> ..
12.04.2007 22:40 796 MpCmdRun.log
12.04.2007 22:20 255 WGAErrLog.txt
12.04.2007 22:21 409 WGANotify.settings
3 Datei(en) 1.460 Bytes
2 Verzeichnis(se), 82.981.519.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Temp

12.04.2007 22:07 <DIR> .
12.04.2007 22:07 <DIR> ..
12.04.2007 22:07 <DIR> tn3
0 Datei(en) 0 Bytes
3 Verzeichnis(se), 82.981.519.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Programme

12.04.2007 20:57 <DIR> .
12.04.2007 20:57 <DIR> ..
29.01.2005 21:58 <DIR> ACD Systems
26.09.2005 20:02 <DIR> ACE Mega CoDecS Pack
01.05.2006 12:37 <DIR> Adobe
29.09.2005 20:02 <DIR> Ahead
26.04.2005 19:14 <DIR> Alcohol Soft
11.04.2007 20:43 <DIR> Alwil Software
08.09.2005 20:51 <DIR> AM-DeadLink
09.04.2007 22:29 <DIR> Anti Trojan Elite
12.04.2005 16:57 <DIR> Arcor
01.04.2007 16:09 <DIR> Arcor Fotoservice
05.02.2007 22:16 <DIR> ATI Technologies
17.03.2007 13:21 <DIR> Auction Sentry Deluxe
19.03.2006 22:13 <DIR> Audio 180 %
07.08.2006 18:09 <DIR> AvantGo Connect
26.09.2006 17:53 <DIR> Avisynth
31.03.2007 22:21 <DIR> AviSynth 2.5
03.09.2006 19:55 <DIR> BayWatcher Pro
26.07.2005 17:31 <DIR> Blaze Media Pro
18.02.2006 18:31 <DIR> Borland
02.07.2006 12:09 <DIR> Canon
02.10.2006 20:36 <DIR> CCleaner
22.01.2005 19:40 <DIR> CDRWIN3
08.04.2007 15:36 <DIR> CleanUp!
09.04.2007 15:16 <DIR> ClearProg
19.02.2006 16:12 <DIR> CloneDVD
04.10.2005 18:51 <DIR> Common
25.03.2007 09:34 <DIR> Common Files
09.08.2005 20:23 <DIR> CompChecker
18.08.2005 20:08 <DIR> coolpro2
22.01.2005 20:00 <DIR> Copernic 2001 Pro
18.08.2006 16:50 <DIR> Corel
01.05.2006 12:37 <DIR> Creative
10.04.2007 21:51 <DIR> CureROM
08.03.2007 19:08 <DIR> D-Tools
08.03.2007 18:22 <DIR> DAEMON Tools
10.03.2007 14:21 <DIR> DAP
06.08.2006 23:50 <DIR> DaViDeo2006Fotos
14.04.2006 11:01 <DIR> Dbox2 Bootmanager
06.06.2006 10:06 <DIR> DivX
06.04.2007 21:50 <DIR> Driver-Soft
19.02.2006 13:25 <DIR> DVD Decrypter
10.03.2007 20:14 <DIR> DVD Shrink
08.08.2006 21:11 <DIR> DVDFab Platinum
25.06.2006 16:56 <DIR> EdenCity
07.04.2007 23:19 <DIR> EndItAll
31.03.2007 23:12 <DIR> eRightSoft
12.04.2007 22:02 <DIR> ESET
08.04.2007 14:21 <DIR> ETRemover
17.12.2005 00:24 <DIR> ewido
15.11.2006 19:57 <DIR> FileSync
20.03.2007 21:50 <DIR> FireTrust
09.12.2006 14:39 <DIR> FLVPlayer
18.03.2007 20:50 <DIR> fp.leecher
06.04.2007 21:39 <DIR> Fälscherwerkstatt2
09.03.2007 22:23 <DIR> Gamesload Spiele
09.04.2007 13:41 <DIR> Gemeinsame Dateien
26.09.2005 19:23 <DIR> Google
25.10.2005 16:44 <DIR> Hewlett-Packard
10.03.2007 14:21 <DIR> Hide IP Platinum
13.04.2006 16:58 <DIR> IBM
20.09.2006 21:38 <DIR> ICQLite
08.08.2006 17:36 <DIR> ImTOO
18.02.2007 12:18 <DIR> Internet Explorer
11.04.2007 20:57 <DIR> IsoBuster
04.03.2007 12:47 <DIR> Java
02.10.2006 10:55 <DIR> Just Sudoku PE
18.03.2007 20:13 <DIR> Kisi
08.04.2007 13:32 <DIR> L2MRemover
03.10.2006 09:14 <DIR> Lavasoft
27.06.2006 21:39 <DIR> LcdStudio
13.08.2005 00:58 <DIR> Leadtek
01.02.2006 23:29 <DIR> LeechFTP
23.10.2006 20:46 <DIR> Logitech
29.01.2005 22:43 <DIR> Macromedia
10.03.2007 14:21 <DIR> MagicISO
09.08.2006 20:14 <DIR> MC2
26.09.2005 19:33 <DIR> MEDION
12.02.2005 08:48 <DIR> Messenger
09.03.2007 22:30 <DIR> Microsoft ActiveSync
10.05.2006 21:33 <DIR> Microsoft AntiSpyware
08.07.2006 12:23 <DIR> Microsoft AutoRoute
22.01.2005 16:38 <DIR> microsoft frontpage
22.01.2005 17:55 <DIR> Microsoft IntelliPoint 4.1
15.12.2006 21:48 <DIR> Microsoft Office
12.01.2007 20:53 <DIR> Microsoft Office2003
04.10.2005 17:31 <DIR> Microsoft Visual Studio
15.12.2006 21:37 <DIR> Microsoft Visual Studio 8
12.04.2007 20:57 <DIR> Microsoft Windows Vista Upgrade Advisor
03.03.2007 13:12 <DIR> Microsoft Works
22.01.2005 22:05 <DIR> Microsoft.NET
25.05.2006 12:51 <DIR> MorePics
25.03.2007 09:34 <DIR> Motorola
22.01.2005 17:24 <DIR> Movie Maker
12.04.2007 21:31 <DIR> Mozilla Firefox
03.03.2007 13:11 <DIR> MSBuild
22.01.2005 16:34 <DIR> MSN Gaming Zone
16.11.2006 07:57 <DIR> MSXML 4.0
10.03.2007 14:21 <DIR> Music_Manager
29.09.2005 19:14 <DIR> Nero
08.04.2007 09:25 <DIR> NetMeeting
12.12.2006 17:42 <DIR> OnlineControl
11.03.2007 16:19 <DIR> OO Software
16.12.2006 12:05 <DIR> Outlook Express
09.11.2006 18:11 <DIR> outlookDuplicates
09.04.2007 18:39 <DIR> Pcsx2
10.02.2007 23:56 <DIR> PowerISO
30.01.2005 13:47 <DIR> PowerQuest
10.12.2005 14:29 <DIR> QuickTime
26.07.2005 20:21 <DIR> Radeon Omega Drivers
19.02.2005 16:39 <DIR> Real
24.09.2006 21:31 <DIR> ReClock
10.03.2007 15:59 <DIR> RegCleaner
10.03.2007 18:03 <DIR> RipIt4Me
30.04.2006 22:20 <DIR> ScanSoft
05.01.2007 21:23 <DIR> SDP Multimedia
06.03.2007 19:49 <DIR> SFT Loader
01.03.2007 21:06 <DIR> Siber Systems
21.08.2006 20:58 <DIR> Sierra
31.03.2007 21:45 <DIR> SlySoft
08.04.2007 10:18 <DIR> Spybot - Search & Destroy
19.11.2006 21:07 <DIR> Stardock
12.09.2006 18:08 <DIR> Sunbelt Software
06.04.2007 22:07 <DIR> SuperFlexible
02.07.2006 12:48 <DIR> Support Tools
09.04.2007 23:02 <DIR> Symantec
07.04.2006 21:11 <DIR> TechSmith
02.07.2006 12:16 <DIR> Telekom
22.01.2005 23:29 <DIR> TGTSoft
12.04.2007 22:06 <DIR> The Cleaner
02.10.2005 19:45 <DIR> TMPGEnc Plus-2.610.49.157
31.03.2007 17:49 <DIR> TomTom Media Center
26.09.2006 17:53 <DIR> Tsunami-Filter-Pack
06.04.2007 20:18 <DIR> TuneUp Utilities 2006
06.04.2007 17:16 <DIR> TVgenial
24.09.2006 15:58 <DIR> Tweak-XP Pro
31.10.2006 18:24 <DIR> Tweak-XP Pro 4
07.04.2007 22:13 <DIR> Ultra Video Splitter
26.09.2005 19:35 <DIR> UnrealTournament
12.11.2006 11:47 <DIR> UselessCreations
26.03.2005 21:34 <DIR> VAG-COM
27.03.2005 18:57 <DIR> VideoLAN
26.09.2006 17:53 <DIR> VirtualDub
07.06.2005 18:50 <DIR> VirtualDub-1.5.4-P4
23.02.2006 17:29 <DIR> vso
24.01.2007 23:31 <DIR> Weight Watchers
06.04.2007 21:37 <DIR> WiFi Hopper
27.06.2006 21:32 <DIR> Winamp
07.12.2006 19:06 <DIR> Windows Defender
15.12.2006 22:33 <DIR> Windows Desktop Search
11.01.2007 21:05 <DIR> Windows Media Connect 2
11.01.2007 21:05 <DIR> windows media player
22.01.2005 17:22 <DIR> Windows NT
07.04.2007 00:02 <DIR> WinRAR
02.01.2007 18:49 <DIR> ws_ftp
22.01.2005 16:38 <DIR> xerox
03.10.2006 10:01 <DIR> XPcleanV7
06.04.2007 22:02 <DIR> Yahoo!
0 Datei(en) 0 Bytes
162 Verzeichnis(se), 82.981.507.072 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Lokale Einstellungen\Anwendungsdaten

29.01.2005 22:39 <DIR> ACDPhotoEditor
29.01.2005 22:00 <DIR> ACDSee
29.01.2005 22:37 <DIR> Adobe
11.01.2007 20:33 <DIR> Ahead
20.09.2006 21:49 <DIR> AOL
06.01.2006 18:28 <DIR> Apple Computer
05.04.2007 19:21 <DIR> ApplicationHistory
13.12.2005 16:53 <DIR> ATI
06.04.2007 21:42 248.320 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
22.01.2005 21:46 138 fusioncache.dat
10.03.2007 14:40 87.288 GDIPFONTCACHEV1.DAT
29.01.2005 21:53 <DIR> Google
23.01.2005 12:03 <DIR> Help
22.01.2005 23:02 <DIR> Identities
27.06.2006 20:16 <DIR> Logitech
06.04.2007 20:09 <DIR> Microsoft
15.12.2006 21:35 <DIR> Microsoft Help
12.04.2007 20:52 <DIR> MigWiz
24.09.2006 17:20 <DIR> Mozilla
12.01.2007 20:47 <DIR> PCHealth
06.04.2007 19:54 <DIR> Stardock
12.09.2006 18:13 <DIR> Sunbelt Software
22.01.2005 21:58 <DIR> Symantec
30.04.2005 18:29 <DIR> Ubisoft
07.06.2005 18:37 <DIR> WMTools Downloaded Files
06.04.2007 22:02 <DIR> Yahoo
3 Datei(en) 335.746 Bytes
23 Verzeichnis(se), 82.981.511.168 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Anwendungsdaten

08.04.2007 12:18 <DIR> .
08.04.2007 12:18 <DIR> ..
13.04.2006 22:15 2.528 $_hpcst$.hpc
08.04.2006 20:50 <DIR> .CannaPower
20.09.2006 21:50 <DIR> acccore
29.01.2005 22:00 <DIR> ACD Systems
12.02.2006 14:29 <DIR> Adobe
26.01.2007 09:19 <DIR> AdobeUM
27.01.2007 12:26 <DIR> Ahead
08.09.2005 21:14 <DIR> aignes
10.12.2005 14:36 <DIR> Apple Computer
03.02.2007 16:24 <DIR> ArcSoft
13.12.2005 16:53 <DIR> ATI
26.07.2005 20:34 <DIR> atitray
11.04.2007 20:44 <DIR> Azureus
03.09.2006 19:58 <DIR> BayWatcher Pro
22.01.2005 21:05 <DIR> CDZilla
18.08.2006 16:40 <DIR> Corel
04.11.2006 18:45 <DIR> DVD Shrink
06.09.2006 21:23 <DIR> Elaborate Bytes
04.11.2006 18:13 120 FixVTS.ini
18.08.2005 07:49 <DIR> Google
23.01.2005 12:03 <DIR> Help
25.10.2005 16:51 <DIR> Hewlett-Packard
20.09.2006 20:35 <DIR> ICQLite
22.01.2005 16:43 <DIR> Identities
30.01.2005 16:15 <DIR> IsolatedStorage
25.05.2006 16:39 <DIR> KFZ-Fahrtenbuch 2
02.07.2006 12:29 <DIR> KFZ-Fahrtenbuch 2 Backup
03.10.2006 09:14 <DIR> Lavasoft
27.06.2006 20:59 <DIR> Logitech
29.01.2005 22:53 <DIR> Macromedia
08.10.2005 11:01 <DIR> MAGIX
06.04.2007 07:56 <DIR> MailWasherPro
24.09.2006 17:20 <DIR> Mozilla
27.01.2007 12:10 <DIR> Nero
25.10.2005 16:43 <DIR> Ordner HP Share-to-Web
21.04.2006 20:23 <DIR> RapidGet
16.10.2005 11:05 <DIR> Real
13.11.2006 18:34 <DIR> Registry Booster
10.03.2007 19:02 <DIR> RipIt4Me
30.04.2006 22:24 <DIR> ScanSoft
26.11.2006 18:11 <DIR> SlySoft
19.11.2006 22:12 <DIR> Sprite PC Agent
19.11.2006 22:12 <DIR> Sprite Setup Wizard
04.03.2007 20:03 <DIR> Sprite Software
31.01.2005 20:46 <DIR> Sun
29.01.2005 22:27 <DIR> Symantec
06.04.2007 20:03 <DIR> TuneUp Software
19.08.2006 22:43 <DIR> VSO_HWE
02.03.2006 21:30 <DIR> WholeSecurity
06.04.2007 17:58 <DIR> WinRAR
21.04.2006 17:14 <DIR> WNR
2 Datei(en) 2.648 Bytes
51 Verzeichnis(se), 82.981.507.072 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

29.01.2005 21:58 <DIR> ACD Systems
24.01.2007 19:03 <DIR> Adobe
29.01.2005 22:12 <DIR> Adobe Systems
20.09.2006 21:49 <DIR> AOL
10.12.2005 14:26 <DIR> Apple Computer
23.01.2005 10:44 <DIR> Corel
19.02.2006 16:38 <DIR> DVD Shrink
31.03.2006 18:13 <DIR> element5
30.04.2006 22:25 <DIR> InstallShield
08.10.2006 19:20 <DIR> Logitech
04.10.2005 18:51 <DIR> MAGIX
12.04.2007 20:58 <DIR> Microsoft Corporation
10.04.2007 20:16 <DIR> Microsoft Help
10.03.2007 01:15 <DIR> Nero
02.07.2005 13:30 <DIR> NFS Underground
12.11.2006 21:02 <DIR> Office Genuine Advantage
30.01.2005 13:49 <DIR> PowerQuest
13.03.2007 18:06 963 QTSBandwidthCache
23.01.2005 10:50 <DIR> QuickTime
03.03.2007 22:12 <DIR> RoboForm
30.04.2006 22:21 <DIR> ScanSoft
03.09.2006 15:56 <DIR> SecTaskMan
10.03.2007 16:47 <DIR> SlySoft
03.09.2006 18:40 <DIR> Spybot - Search & Destroy
29.01.2005 22:27 <DIR> Symantec
07.04.2006 21:12 <DIR> TechSmith
10.03.2007 14:56 <DIR> Test Drive Unlimited
04.03.2007 17:19 <DIR> TomTom
10.03.2007 21:22 <DIR> Trymedia
08.04.2007 15:00 <DIR> TuneUp Software
20.09.2006 21:49 <DIR> Viewpoint
22.01.2006 11:59 <DIR> Windows Genuine Advantage
20.09.2006 22:21 <DIR> Yahoo!
1 Datei(en) 963 Bytes
32 Verzeichnis(se), 82.981.502.976 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Programme\Gemeinsame Dateien

09.04.2007 13:41 <DIR> .
09.04.2007 13:41 <DIR> ..
29.01.2005 21:58 <DIR> ACD Systems
17.04.2006 16:57 <DIR> Adobe
29.01.2005 22:11 <DIR> Adobe Systems Shared
10.03.2007 01:49 <DIR> Ahead
09.03.2007 22:21 <DIR> AOL
20.09.2006 21:49 <DIR> aolshare
23.01.2005 10:41 <DIR> Corel
03.03.2007 13:09 <DIR> DESIGNER
22.01.2005 16:35 <DIR> Dienste
02.07.2005 13:30 <DIR> DirectX
03.10.2005 18:24 <DIR> envsoft
25.10.2005 16:42 <DIR> Hewlett-Packard
30.04.2005 17:57 <DIR> InstallShield
31.01.2005 20:42 <DIR> Java
27.06.2006 20:24 <DIR> Logitech
04.10.2005 18:47 <DIR> MAGIX Shared
03.03.2007 13:11 <DIR> Microsoft Shared
22.01.2005 16:35 <DIR> MSSoap
20.09.2006 21:49 <DIR> Nullsoft
12.01.2007 20:53 <DIR> ODBC
08.04.2007 21:30 <DIR> Panda Software
17.04.2006 16:57 <DIR> Real
30.04.2006 22:21 <DIR> Scansoft Shared
09.04.2007 13:42 <DIR> Softwin
22.01.2005 16:28 <DIR> SpeechEngines
30.10.2006 23:20 <DIR> Spielberg DMS
21.11.2006 21:02 <DIR> Stardock
09.04.2007 23:05 <DIR> Symantec Shared
16.12.2006 12:05 <DIR> System
06.04.2007 20:02 <DIR> Wise Installation Wizard
0 Datei(en) 0 Bytes
32 Verzeichnis(se), 82.981.502.976 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Windows\tasks

06.04.2007 20:03 396 1-Klick-Wartung.job
1 Datei(en) 396 Bytes
0 Verzeichnis(se), 82.981.502.976 Bytes frei
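An added example, not part of the thread and not code from any tool named in it: a small Python triage script that parses the German-locale `dir` output produced by listen.bat (the sample input is constructed from the listing above) and flags files with executable-style extensions that were modified inside the incident window, so a reviewer can focus on what changed after the infected installer was run instead of reading every line. The window dates and the extension set are assumptions for the example.

```python
"""Triage helper for the German-locale `dir` listings written by listen.bat.

Added example: not part of the thread and not code from any tool mentioned
in it. It parses the text that listen.bat appends to files.txt and flags
entries whose modification time falls inside the incident window.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# A German Windows XP `dir` prints, per directory, a header line
#   "Verzeichnis von C:\..."
# followed by entries such as
#   "13.04.2007 07:01    <DIR>          clean"
#   "13.04.2007 07:01             1.133 listen.bat"
# (the forum post collapsed the padding, so any run of whitespace is accepted).
DIR_HEADER = re.compile(r"^Verzeichnis von (?P<path>.+)$")
ENTRY = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?:(?P<dir><DIR>)|(?P<size>\d[\d.]*))\s+(?P<name>.+)$"
)

# Extensions worth a second look in user-writable folders
# (assumption for this example; adjust to the case at hand).
INTERESTING = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".pif",
               ".url", ".lnk", ".inf"}


@dataclass
class Entry:
    directory: str
    name: str
    modified: datetime
    size: Optional[int]  # None marks a subdirectory

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.name


def parse_listing(text: str) -> List[Entry]:
    """Turn concatenated `dir` output into Entry records, remembering the
    directory each entry belongs to; '.' and '..' are skipped."""
    entries: List[Entry] = []
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = DIR_HEADER.match(line)
        if header:
            current = header.group("path").strip()
            continue
        m = ENTRY.match(line)
        if not m or m.group("name") in (".", ".."):
            continue
        stamp = datetime.strptime(f"{m.group('date')} {m.group('time')}",
                                  "%d.%m.%Y %H:%M")
        # German `dir` writes sizes with '.' as thousands separator (1.133 == 1133 bytes)
        size = None if m.group("dir") else int(m.group("size").replace(".", ""))
        entries.append(Entry(current, m.group("name"), stamp, size))
    return entries


def extension(name: str) -> str:
    """Lower-cased final extension including the dot, '' if there is none."""
    return ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""


def flag_recent(entries: List[Entry], start: datetime, end: datetime,
                exts=INTERESTING) -> List[Entry]:
    """Files (not folders) modified within [start, end] whose extension is in
    exts, oldest first, so the order in which things appeared is visible."""
    hits = [e for e in entries
            if not e.is_dir and start <= e.modified <= end
            and extension(e.name) in exts]
    return sorted(hits, key=lambda e: e.modified)


# Constructed sample, taken from the listing posted above (two directories).
SAMPLE = r"""Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Desktop

13.04.2007 07:01 <DIR> .
13.04.2007 07:01 <DIR> ..
09.04.2007 19:47 58.880 Antisasser-EN.exe
25.02.2006 23:28 130.048 avenger.exe
10.04.2007 17:45 <DIR> clean
12.04.2007 20:28 103 Isass.exe.txt
13.04.2007 07:01 1.133 listen.bat
12.04.2007 20:19 61 Popups von DriveCleaner.URL
09.04.2007 19:33 610 UnHookExec.inf
27 Datei(en) 3.133.320 Bytes

Verzeichnis von C:\Windows\tasks

06.04.2007 20:03 396 1-Klick-Wartung.job
1 Datei(en) 396 Bytes
"""

# Incident window: from the day the infected installer ran until the listing
# was taken (assumed dates for the example).
WINDOW_START = datetime(2007, 4, 8)
WINDOW_END = datetime(2007, 4, 13, 23, 59)

if __name__ == "__main__":
    for hit in flag_recent(parse_listing(SAMPLE), WINDOW_START, WINDOW_END):
        print(f"{hit.modified:%d.%m.%Y %H:%M}  {hit.size:>8}  {hit.path}")
```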
13.04.2007, 10:36
Honorary member
Sabina

Posts: 29434
#8 Juergen1511

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick the box)
paste into: View/edit script

Quote

Files to delete:
C:\Dokumente und Einstellungen\Hanke\Desktop\Online Virenscanner.URL
C:\Dokumente und Einstellungen\Hanke\Desktop\Popups von DriveCleaner.URL
C:\Dokumente und Einstellungen\Hanke\Desktop\Protecus.URL
C:\Dokumente und Einstellungen\Hanke\.antileechdir

Folders to delete:
C:\Temp\tn3
Click the green traffic light
The script will now be executed, then the PC will restart automatically

________

What is this about ???
C:\Dokumente und Einstellungen\Hanke\Desktop\
12.04.2007 20:28 103 Isass.exe.txt - did you rename the exe, or... ???
__________
Regards, Sabina

all about PC security
13.04.2007, 12:42
...new here

Thread starter

Posts: 6
#9 Hello Sabina,
that file is just an explanation about Sasser. I had confused Lsass.exe with Isass.exe, but I then noticed myself that it isn't Sasser.
I have deleted that text file now. It only causes confusion anyway.
I have now run Avenger and deleted the files you specified.
Does it actually matter whether I work in safe mode or normal mode when I run the scans or delete something???
I now prefer to work in safe mode, because then these browser windows don't keep opening.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lcodxece
*******************
Script file located at: \??\C:\WINDOWS\system32\setnulvx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Dokumente und Einstellungen\Hanke\Desktop\Online Virenscanner.URL deleted successfully.
File C:\Dokumente und Einstellungen\Hanke\Desktop\Popups von DriveCleaner.URL deleted successfully.
File C:\Dokumente und Einstellungen\Hanke\Desktop\Protecus.URL deleted successfully.
File C:\Dokumente und Einstellungen\Hanke\.antileechdir deleted successfully.
Folder C:\Temp\tn3 deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Regards, Jürgen
13.04.2007, 13:20
Honorary member
Sabina

Posts: 29434
#10 Now I would be interested to know whether popups still appear
__________
Regards, Sabina

all about PC security
13.04.2007, 19:21
...new here

Thread starter

Posts: 6
#11 Hi Sabina,
I had almost resigned myself to reinstalling the computer, but it looks like you have done it!
I have been testing it for about 15 minutes now and no additional browser window appears.
Could you just give me a quick hint as to who the culprit was?
It can really only have been "tn3" or ".antileechdir", right?
In any case, many thanks for the help!!!
Regards, Jürgen

PS: If the popups show up again, I will get back to you.
15.04.2007, 15:27
Honorary member
Sabina

Posts: 29434
#12 The URL files were to blame ;)
Popups von DriveCleaner.URL .....
glad I could help
Regards
__________
Regards, Sabina

all about PC security
20.05.2007, 10:06
Member

Posts: 17
#13 Hello Sabrina,

I also have the same problem with Drive Cleaner 2006. In addition, for some days now some porn sites have also been opening as pop-ups, even though I have never visited any... *scratches head*

Could you help me too?

Unfortunately I am not exactly a PC whiz either ;-) ...

Kind regards
Heike

Here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 09:53:42, on 20.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programme\PC Tools Firewall Plus\PCTFW.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam10\QuickCam10.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\UltimateZip 2.7\uzqkst.exe
C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Windows Live Toolbar\msn_sl.exe
C:\Dokumente und Einstellungen\Martin Ströbele\Eigene Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3b117fbc-0420-44af-8e14-af70dc3e69a9} - C:\WINDOWS\system32\blacori.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp4.tmp.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [wlconfig] C:\Programme\WLAN Monitor\wlconfig.exe -autostart
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ALDI_SUED_FotoSuite_Download] "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [PCTools FW] C:\Programme\PC Tools Firewall Plus\PCTFW.exe /s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\tuvust.dll",realset
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:deu
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programme\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{723AB3B7-E5DB-4867-950A-9BD614A545EA}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: bw+0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: blacori - C:\WINDOWS\SYSTEM32\blacori.dll
O23 - Service: AccSys WiFi Server (AccWLSvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programme\Sygate\SPF\Smc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe
20.05.2007, 10:13
Member

Posts: 3716
#14 hi, rename hijackthis.exe to hjt.com; this is necessary because malware can already hide from the .exe! Make sure the .exe extension is gone, then scan and post a new log!
Download combofix and run it according to the instructions:
http://virus-protect.org/artikel/tools/combofix.html
Download filelist.zip, unpack it on the desktop, click filelist.bat; your editor will then open. Copy the last 2 months from each directory!
http://members.linzag.net/680262/filelist.zip
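A triage pass over HijackThis log lines like the ones posted in this thread, added here as an example; it is not a tool used by the helpers above. The four heuristics (a BHO with no product name, rundll32 loading a DLL dropped straight into the Windows root, an .exe name one character off a core system process such as lsass.exe, and one DLL registered in several load points) are illustrative assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3b117fbc-0420-44af-8e14-af70dc3e69a9} - C:\WINDOWS\system32\blacori.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp4.tmp.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\tuvust.dll",realset
O20 - Winlogon Notify: blacori - C:\WINDOWS\SYSTEM32\blacori.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Core Windows XP binaries (assumed list). A name one edit away from one of these,
# e.g. lsasss.exe or Isass.exe next to lsass.exe, is the masquerading trick that
# confused the thread starter.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}

# Absolute path ending in .exe/.dll/.com, quoted or not (lazy so it stops at the extension).
PATH_RE = re.compile(r'([A-Za-z]:\\[^",]+?\.(?:exe|dll|com))', re.I)
# rundll32 loading a DLL that sits directly in <drive>:\WINDOWS, not in a subdirectory.
RUNDLL_ROOT_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([A-Za-z]:\\WINDOWS\\[^\\",]+\.dll)', re.I)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; file names are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path: str) -> str:
    return path.split("\\")[-1].lower()


def is_lookalike(name: str) -> bool:
    """True for an .exe that is not a core binary but is one edit away from one."""
    return (name.endswith(".exe") and name not in CORE_BINARIES
            and any(edit_distance(name, core) == 1 for core in CORE_BINARIES))


def triage(log: str) -> dict:
    """Map each finding to the offending log lines (or DLL paths for the cross-reference)."""
    findings = defaultdict(list)
    dll_users = defaultdict(set)  # lower-cased DLL path -> HijackThis sections that load it
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]  # "O2", "O4", "O20", ...
        paths = PATH_RE.findall(line)
        # 1. Browser Helper Object with no product name but a real file on disk.
        if section == "O2" and "(no name)" in line and "(no file)" not in line:
            findings["unnamed BHO with file on disk"].append(line)
        # 2. Run key that uses rundll32 to load a DLL dropped into the Windows root.
        if section == "O4" and RUNDLL_ROOT_RE.search(line):
            findings["rundll32 loading DLL from Windows root"].append(line)
        for p in paths:
            # 3. Executable name that imitates a core system process.
            if is_lookalike(basename(p)):
                findings["look-alike of a core system binary"].append(line)
            if p.lower().endswith(".dll"):
                dll_users[p.lower()].add(section)
    # 4. One DLL registered in several load points (here: BHO and Winlogon Notify).
    for dll, sections in sorted(dll_users.items()):
        if len(sections) > 1:
            findings["same DLL in multiple load points"].append(
                f"{dll}: {', '.join(sorted(sections))}")
    return dict(findings)


if __name__ == "__main__":
    for finding, lines in triage(SAMPLE_LOG).items():
        print(f"== {finding}")
        for entry in lines:
            print("   ", entry)
```

Run against the sample it flags blacori.dll twice (unnamed BHO and BHO plus Winlogon Notify), tmp4.tmp.dll, tuvust.dll and lsasss.exe, while NeroCheck.exe and the NVIDIA entries pass.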
20.05.2007, 10:39
Member

Posts: 17
#15 Hello Virenfinder,

here is the changed log again. Once the clean-up has finished (it was apparently necessary ;-) ), I will try the rest. Thanks for the quick reply.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:06, on 20.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programme\PC Tools Firewall Plus\PCTFW.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam10\QuickCam10.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\UltimateZip 2.7\uzqkst.exe
C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\Dokumente und Einstellungen\Martin Ströbele\Eigene Dateien\hjt.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3b117fbc-0420-44af-8e14-af70dc3e69a9} - C:\WINDOWS\system32\blacori.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp4.tmp.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [wlconfig] C:\Programme\WLAN Monitor\wlconfig.exe -autostart
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ALDI_SUED_FotoSuite_Download] "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [PCTools FW] C:\Programme\PC Tools Firewall Plus\PCTFW.exe /s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\urpnnl.dll",realset
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:deu
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programme\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{723AB3B7-E5DB-4867-950A-9BD614A545EA}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: bw+0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: blacori - C:\WINDOWS\SYSTEM32\blacori.dll
O23 - Service: AccSys WiFi Server (AccWLSvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programme\Sygate\SPF\Smc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe

Here is the ComboFix file:

"C:\WINDOWS\system32\tmp1.tmp.dll"
"C:\WINDOWS\system32\tmp4.tmp.dll"
"C:\WINDOWS\system32\vbuzip10.dll"
"C:\install.log"
"C:\WINDOWS\system32\lsasss.exe"
C:\WINDOWS\system32\esentprf.ini
C:\WINDOWS\system32\PerfStringBackup.INI

and here are the file lists of the last 2 months:

----- Root -----------------------------
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 0C6F-2D65

Verzeichnis von C:\

2007-05-20 12:40 43 filelist.txt
2007-05-20 11:44 64 ComboFix.txt.bat
2007-05-20 08:20 510 s25g
2007-05-20 08:19 536,399,872 hiberfil.sys
2007-05-20 08:19 805,306,368 pagefile.sys
2007-05-19 20:12 510 s3s8
2007-05-19 13:28 510 s3qs
2007-05-18 21:28 510 s1bc
2007-05-18 14:04 510 s2jo
2007-05-18 07:20 510 s3sk
2007-05-17 21:49 268 sqmdata03.sqm
2007-05-17 21:49 244 sqmnoopt02.sqm
2007-05-17 17:48 510 s3u4
2007-05-16 20:29 510 s180
2007-05-16 13:35 510 s3r4
2007-05-15 15:30 510 s3s0
2007-05-14 18:30 510 s21c
2007-05-13 21:00 510 s2f4
2007-05-13 11:07 510 s260
2007-05-12 23:36 510 s38g
2007-05-12 13:45 510 s3sg
2007-05-12 12:41 510 s3so
2007-05-12 09:52 510 svg
2007-05-11 21:08 510 sf0
2007-05-11 18:05 268 sqmdata01.sqm
2007-05-11 18:05 136 sqmnoopt01.sqm
2007-05-11 18:05 148 sqmdata02.sqm
2007-05-11 14:21 510 s3to
2007-05-10 13:41 510 sv4
2007-05-09 17:56 510 s3rc
2007-05-09 14:14 510 s2mc
2007-05-08 20:15 510 s2s0
2007-05-08 13:00 510 s14k
2007-05-07 22:00 510 s40
2007-05-07 19:51 268 sqmdata00.sqm
2007-05-07 19:51 244 sqmnoopt00.sqm
2007-04-28 17:15 232 sqmdata19.sqm
2007-04-28 17:15 244 sqmnoopt19.sqm
2007-04-04 18:13 232 sqmdata18.sqm
2007-04-04 18:13 244 sqmnoopt18.sqm
2007-04-04 17:19 232 sqmdata17.sqm
2007-04-04 17:19 244 sqmnoopt17.sqm
2007-04-04 13:42 232 sqmdata16.sqm
2007-04-04 13:42 244 sqmnoopt16.sqm
2007-04-03 19:57 232 sqmdata15.sqm
2007-04-03 19:57 244 sqmnoopt15.sqm
2007-04-02 19:45 232 sqmdata14.sqm
2007-04-02 19:45 244 sqmnoopt14.sqm
2007-04-02 12:04 232 sqmdata13.sqm
2007-04-02 12:04 244 sqmnoopt13.sqm
2007-04-02 09:02 232 sqmdata12.sqm
2007-04-02 09:02 244 sqmnoopt12.sqm
2007-03-30 14:49 232 sqmdata11.sqm
2007-03-30 14:49 244 sqmnoopt11.sqm
2007-03-29 16:31 232 sqmdata10.sqm
2007-03-29 16:31 244 sqmnoopt10.sqm
2007-03-28 19:04 232 sqmdata09.sqm
2007-03-28 19:04 244 sqmnoopt09.sqm
2007-03-28 15:13 232 sqmdata08.sqm
2007-03-28 15:13 244 sqmnoopt08.sqm
2007-03-27 18:00 232 sqmdata07.sqm
2007-03-27 18:00 244 sqmnoopt07.sqm
2007-03-27 14:22 232 sqmdata06.sqm
2007-03-27 14:22 244 sqmnoopt06.sqm
2007-03-25 20:06 232 sqmdata05.sqm
2007-03-25 20:06 244 sqmnoopt05.sqm
2007-03-25 14:20 244 sqmnoopt04.sqm
2007-03-25 14:20 232 sqmdata04.sqm
2007-03-25 14:14 244 sqmnoopt03.sqm
2007-02-23 11:48 3,881 pippilst.txt
2006-12-31 14:35 15 mandant.ini
2005-10-03 16:23 16 mxfilerelatedcache.mxc2
2005-06-05 15:47 1,366 wlan.ini
2005-05-14 17:00 211 boot.ini
2005-05-14 16:52 47,564 NTDETECT.COM
2005-05-14 16:52 251,184 ntldr
2005-03-30 11:55 4,000,824 cab.exe
2005-03-22 12:22 94,208 pcconfig.exe
2005-03-11 22:01 90,456 chaos.dmp

----- Windows --------------------------
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 0C6F-2D65

Verzeichnis von C:\WINDOWS

2007-05-20 11:44 1,396,332 lnnpru.ini
2007-05-20 09:55 106,476 urpnnl.dll
2007-05-20 08:25 395,879 WindowsUpdate.log
2007-05-20 08:20 1,398,253 tsuvut.ini
2007-05-20 08:19 0 0.log
2007-05-20 08:19 159 wiadebug.log
2007-05-20 08:19 50 wiaservc.log
2007-05-20 08:19 2,048 bootstat.dat
2007-05-19 21:19 32,564 SchedLgU.Txt
2007-05-18 21:30 106,528 tuvust.dll
2007-05-18 21:28 761,471 dehkmp.ini
2007-05-18 07:57 208,365 setupact.log
2007-05-16 20:28 803,755 xwxadd.ini
2007-05-12 14:22 19,485 wmsetup.log
2007-05-12 12:45 100 QTW.INI
2007-05-12 12:45 100 QTW.QTW
2007-05-12 12:45 988 win.ini
2007-05-12 12:45 254 system.ini
2007-05-12 12:45 254 SYSINI.QTW
2007-05-12 12:45 988 WININI.QTW
2007-05-08 22:27 54,156 QTFont.qfn
2007-05-07 18:27 1,049,420 setupapi.log
2007-05-05 13:01 3,318 tm.ini
2007-05-03 17:57 118,784 bwUnin-7.2.0.157-8876480SL.exe
2007-05-03 17:46 29,664 iis6.log
2007-05-03 17:46 74,722 comsetup.log
2007-05-03 17:46 44,572 ntdtcsetup.log
2007-05-03 17:46 8,064 ocmsn.log
2007-05-03 17:46 1,355 imsins.log
2007-05-03 17:46 81,700 tsoc.log
2007-05-03 17:46 6,923 KB893803v2.log
2007-05-03 17:46 95,468 ocgen.log
2007-05-03 17:46 9,993 msgsocm.log
2007-05-03 17:46 189,548 FaxSetup.log
2007-05-03 17:45 2,440 avmcoins.log
2007-04-29 14:46 1,409 QTFont.for
2007-03-23 20:08 37,193 SiSUSBrg.exe
2007-03-23 20:08 37,193 SOINTGR.EXE
2007-03-11 22:59 10,872 DPINST.LOG


----- System ---
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 0C6F-2D65

Verzeichnis von C:\WINDOWS\system

(keine Einträge in den letzten 2 Monaten)

----- System 32 (Achtung: Zeitfenster beachten!) ---
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 0C6F-2D65

Verzeichnis von C:\WINDOWS\system32

2007-05-11 14:20 2,184 wpa.dbl
2007-05-04 20:42 21,895 blacori.dll
2007-05-03 18:10 3,343 lvcoinst.log
2007-04-28 12:22 181,832 FNTCACHE.DAT
2007-03-25 14:16 386,010 perfh009.dat
2007-03-25 14:16 56,364 perfc009.dat
2007-03-25 14:16 398,334 perfh007.dat
2007-03-25 14:16 68,096 perfc007.dat
2007-03-23 20:08 37,193 NeroCheck.exe

----- Prefetch -------------------------
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 0C6F-2D65

Verzeichnis von C:\WINDOWS\Prefetch

2007-05-20 12:40 11,380 FIND.EXE-0EC32F1E.pf
2007-05-20 12:40 14,624 CMD.EXE-087B4001.pf
2007-05-20 12:31 18,248 MSN_SL.EXE-3A7EBB4D.pf
2007-05-20 12:31 10,132 MSNTBUP.EXE-0FE4C519.pf
2007-05-20 12:30 15,560 NOTEPAD.EXE-336351A9.pf
2007-05-20 12:29 16,886 WINHLP32.EXE-2C18E975.pf
2007-05-20 12:28 26,174 UZIP.EXE-055A1D6A.pf
2007-05-20 12:20 16,920 HPZENG04.EXE-129A6FF3.pf
2007-05-20 12:20 9,264 RUNDLL32.EXE-268BFF96.pf
2007-05-20 12:19 19,060 WORDPAD.EXE-1EFCC5C1.pf
2007-05-20 12:17 67,576 SOFFICE.EXE-24A13B67.pf
2007-05-20 12:10 101,328 IEXPLORE.EXE-2CA9778D.pf
2007-05-20 12:10 21,750 IMAPI.EXE-0BF740A4.pf
2007-05-20 12:09 38,840 EXPLORER.EXE-082F38A9.pf
2007-05-20 12:09 11,470 ATTRIB.EXE-39EAFB02.pf
2007-05-20 12:09 8,508 NIRCMD.CFEXE-19FF4781.pf
2007-05-20 12:08 24,108 CATCHME.CFEXE-0F2A0789.pf
2007-05-20 12:08 7,292 SWXCACLS.CFEXE-365F7973.pf
2007-05-20 12:08 7,812 SWSC.CFEXE-3B4FE4FE.pf
2007-05-20 12:08 6,326 DUMPHIVE.CFEXE-2ED3B134.pf
2007-05-20 12:07 5,170 SED.CFEXE-268D7E58.pf
2007-05-20 12:07 5,754 VFIND.CFEXE-2033727F.pf
2007-05-20 12:07 11,690 FINDSTR.EXE-0CA6274B.pf
2007-05-20 12:07 4,624 MTEE.CFEXE-1E067BC7.pf
2007-05-20 12:07 10,886 SWREG.CFEXE-2BF4FFCD.pf
2007-05-20 11:45 6,158 HANDLE.CFEXE-13427ED2.pf
2007-05-20 11:45 6,066 CHCP.COM-18156052.pf
2007-05-20 11:44 13,394 REGT.CFEXE-15DB5DAE.pf
2007-05-20 11:44 19,920 SETPATH.CFEXE-034E3D26.pf
2007-05-20 11:44 10,020 SWREG.EXE-3560BE42.pf
2007-05-20 11:44 10,152 NIRCMD.EXE-3A4C8334.pf
2007-05-20 11:44 46,278 COMBOFIX[1].EXE-0818BFC0.pf
2007-05-20 10:37 14,378 HJT.COM-031DE892.pf
2007-05-20 10:11 12,356 CLEANUP.EXE-3438663A.pf
2007-05-20 10:11 13,674 CLEANUP452[1].EXE-27D5E53E.pf
2007-05-20 09:55 14,690 TMP5.TMP.EXE-2E187880.pf
2007-05-20 09:53 12,224 HIJACKTHIS.EXE-1BD4B6A3.pf
2007-05-20 09:51 13,130 RUNDLL32.EXE-2588CC2D.pf
2007-05-20 09:51 5,452 TMP4.TMP.EXE-2DA20CE7.pf
2007-05-20 09:39 77,204 ACRORD32.EXE-153330F0.pf
2007-05-20 09:12 16,188 TMP1.TMP.EXE-2C3ECA1C.pf
2007-05-20 08:24 32,948 HPGS2WNF.EXE-3A8D0447.pf
2007-05-20 08:21 20,492 LULNCHR.EXE-02DDED3A.pf
2007-05-20 08:21 11,172 LOGITECHUPDATE.EXE-2ED2F3DB.pf
2007-05-20 08:20 34,280 WUAUCLT.EXE-399A8E72.pf
2007-05-20 08:20 13,440 RJUPDATECHECKER.EXE-22C56375.pf
2007-05-20 08:20 22,148 UPDATE.EXE-039B1B16.pf
2007-05-20 08:20 37,208 RINGJACK.EXE-1C41BD9A.pf
2007-05-20 08:20 75,486 WLLOGINPROXY.EXE-33926225.pf
2007-05-20 08:20 940,108 NTOSBOOT-B00DFAAD.pf
2007-05-19 21:19 19,784 LOGONUI.EXE-0AF22957.pf
2007-05-19 20:12 27,942 WMIPRVSE.EXE-28F301A9.pf
2007-05-18 21:33 65,958 ACRORD32INFO.EXE-19D979CC.pf
2007-05-18 21:30 13,732 TMP2.TMP.EXE-2CB535B5.pf
2007-05-18 21:29 13,242 RUNDLL32.EXE-45916D63.pf
2007-05-18 14:00 18,520 TASKMGR.EXE-20256C55.pf
2007-05-18 08:36 36,322 DFRGNTFS.EXE-269967DF.pf
2007-05-18 08:36 17,212 DEFRAG.EXE-273F131E.pf
2007-05-18 08:36 401,696 Layout.ini
2007-05-18 07:57 64,690 CLEANMGR.EXE-1F86EA8E.pf
2007-05-18 07:20 19,688 HPOFXM07.EXE-0422D669.pf
2007-05-18 07:20 25,730 HPOSTS07.EXE-35F931B2.pf
2007-05-17 21:49 36,208 MSNMSGR.EXE-091111D0.pf
2007-05-17 20:32 96,112 HELPSVC.EXE-2878DDA2.pf
2007-05-17 18:28 10,994 TMP13.TMP.EXE-05BE35F0.pf
2007-05-17 18:14 25,048 ADOBEUPDATER.EXE-370FC314.pf
2007-05-17 18:01 81,508 COMPONENTLAUNCHER.EXE-10A25719.pf
2007-05-17 17:57 33,876 MAGIXVIEWER.EXE-02B8427D.pf
2007-05-16 22:53 50,594 DRWTSN32.EXE-2B4B52AC.pf
2007-05-16 20:29 13,502 HPOFLT07.EXE-1297F2EB.pf
2007-05-16 13:50 13,652 RUNDLL32.EXE-4CA841A4.pf
2007-05-15 15:32 10,412 RUNDLL32.EXE-4BEAA4F9.pf
2007-05-13 21:01 21,032 COCIMANAGER.EXE-2D6000D8.pf
2007-05-12 23:36 66,942 SKYPEPM.EXE-03F1BFBD.pf
2007-05-12 23:36 72,474 SKYPE.EXE-21F19BC8.pf
2007-05-12 14:21 34,874 SETUP_WM.EXE-19AC5A9B.pf
2007-05-12 14:16 55,872 WMPLAYER.EXE-0996933C.pf
2007-05-12 14:16 7,188 REALPLAY.EXE-39F79CBD.pf
2007-05-12 13:19 9,290 RUNDLL32.EXE-451FC2C0.pf
2007-05-12 12:42 22,688 NTVDM.EXE-1A10A423.pf
2007-05-12 11:13 59,198 IEDW.EXE-2D047874.pf
2007-05-11 23:43 10,502 TMP75.TMP.EXE-19E6364F.pf
2007-05-11 23:37 14,526 TMP74.TMP.EXE-196FCAB6.pf
2007-05-11 18:43 10,570 RUNDLL32.EXE-28753F77.pf
2007-05-11 14:30 12,998 RUNDLL32.EXE-21D37164.pf
2007-05-08 22:30 36,510 WINRIP.EXE-01F1C82A.pf
2007-05-08 22:28 23,584 QTTASK.EXE-2D7EEF34.pf
2007-05-07 22:00 13,542 AU_.EXE-2B16C79B.pf
2007-05-07 21:59 6,686 INSTALLER_SHUTDOWN.EXE-208DC757.pf
2007-05-07 21:59 5,784 VEROSEE_SHUTDOWN.EXE-0A16B4CD.pf
2007-05-07 21:59 13,914 VEROSEEUNINSTALL.EXE-00BA0865.pf
2007-05-07 18:56 90,988 JAVAW.EXE-1DA9F6E6.pf
2007-05-07 18:45 62,562 WMPLAYER.EXE-0996933A.pf
2007-05-07 18:12 11,376 REG.EXE-0D2A95F7.pf
2007-05-06 23:38 77,356 STARMONEY.EXE-08E875F9.pf
2007-05-06 23:38 24,056 STARTSTARMONEY.EXE-0BFE7ADE.pf
96 Datei(en) 3,830,882 Bytes
0 Verzeichnis(se), 4,388,413,440 Bytes frei

----- Tasks ----------------------------
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 0C6F-2D65

Verzeichnis von C:\WINDOWS\tasks

2007-05-20 12:31 266 Auf Updates für Windows Live Toolbar prüfen.job
2007-05-20 08:19 6 SA.DAT

----- Windows/Temp -----------------------
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 0C6F-2D65

Verzeichnis von C:\WINDOWS\Temp

2007-05-03 17:58 179 LDMSetupLog.txt
2007-05-03 17:55 21,747 LgDSetup.txt
2007-05-03 17:55 164,646 InstAEC.log
2007-05-03 17:55 173,912 InstMV.log
2007-05-03 17:54 203,876 LVEnum.log
2007-05-03 17:53 86 qcdrvsetup.log
2007-04-04 18:09 4 abc123.pid

----- Temp -----------------------------
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 0C6F-2D65

Verzeichnis von C:\DOKUME~1\MARTIN~1\LOKALE~1\Temp

2007-05-20 11:43 33,535 WcesView.log
2007-05-20 09:55 466,944 tmp5.tmp.exe
2007-05-20 09:51 50,356 tmp4.tmp.exe
2007-05-20 09:12 40,960 tmp1.tmp.exe
2007-05-20 09:08 44,472 java_install_reg.log
2007-05-20 08:19 42,274 LVCOMSX.LOG
2007-05-20 08:19 4 abc123.pid
2007-05-19 21:00 1,409 Z@S55.tmp
2007-05-19 21:00 11,932 Z@R54.tmp
2007-05-19 21:00 1,409 Z@S53.tmp
2007-05-19 21:00 5,356 Z@R52.tmp
2007-05-19 21:00 1,409 Z@S51.tmp
2007-05-19 21:00 30,544 Z@R50.tmp
2007-05-19 21:00 1,409 Z@S4F.tmp
2007-05-19 21:00 36,724 Z@R4E.tmp
2007-05-19 21:00 4,400 Z@R4C.tmp
2007-05-19 21:00 1,409 Z@S4D.tmp
2007-05-19 21:00 21,448 Z@R4A.tmp
2007-05-19 21:00 1,409 Z@S4B.tmp
2007-05-19 21:00 19,616 Z@R48.tmp
2007-05-19 21:00 1,409 Z@S49.tmp
2007-05-19 21:00 1,409 Z@S47.tmp
2007-05-19 21:00 11,932 Z@R46.tmp
2007-05-19 21:00 5,356 Z@R44.tmp
2007-05-19 21:00 1,409 Z@S45.tmp
2007-05-19 21:00 1,409 Z@S43.tmp
2007-05-19 21:00 30,544 Z@R42.tmp
2007-05-19 21:00 36,724 Z@R40.tmp
2007-05-19 21:00 1,409 Z@S41.tmp
2007-05-19 21:00 1,409 Z@S3F.tmp
2007-05-19 21:00 4,400 Z@R3E.tmp
2007-05-19 21:00 21,448 Z@R3C.tmp
2007-05-19 21:00 1,409 Z@S3D.tmp
2007-05-19 21:00 19,616 Z@R3A.tmp
2007-05-19 21:00 1,409 Z@S3B.tmp
2007-05-19 21:00 5,120 Z@R38.tmp
2007-05-19 21:00 1,409 Z@S39.tmp
2007-05-19 21:00 1,409 Z@S37.tmp
2007-05-19 21:00 7,632 Z@R36.tmp
2007-05-19 21:00 1,409 Z@S35.tmp
2007-05-19 21:00 9,588 Z@R34.tmp
2007-05-19 21:00 9,396 Z@R32.tmp
2007-05-19 21:00 1,409 Z@S33.tmp
2007-05-19 21:00 4,400 Z@R30.tmp
2007-05-19 21:00 1,409 Z@S31.tmp
2007-05-19 21:00 1,409 Z@S2F.tmp
2007-05-19 21:00 22,376 Z@R2E.tmp
2007-05-19 21:00 1,409 Z@S2D.tmp
2007-05-19 21:00 19,596 Z@R2C.tmp
2007-05-19 21:00 1,409 Z@S2B.tmp
2007-05-19 21:00 5,120 Z@R2A.tmp
2007-05-19 21:00 1,409 Z@S29.tmp
2007-05-19 21:00 7,632 Z@R28.tmp
2007-05-19 21:00 1,409 Z@S27.tmp
2007-05-19 21:00 9,588 Z@R26.tmp
2007-05-19 21:00 1,409 Z@S25.tmp
2007-05-19 21:00 9,396 Z@R24.tmp
2007-05-19 21:00 4,400 Z@R22.tmp
2007-05-19 21:00 1,409 Z@S23.tmp
2007-05-19 21:00 1,409 Z@S21.tmp
2007-05-19 21:00 22,376 Z@R20.tmp
2007-05-19 21:00 1,409 Z@S1F.tmp
2007-05-19 21:00 19,596 Z@R1E.tmp
2007-05-19 21:00 1,409 Z@S1D.tmp
2007-05-19 21:00 1,409 Z@S1B.tmp
2007-05-19 21:00 11,932 Z@R1C.tmp
2007-05-19 21:00 5,356 Z@R1A.tmp
2007-05-19 21:00 1,409 Z@S19.tmp
2007-05-19 21:00 30,544 Z@R18.tmp
2007-05-19 21:00 36,724 Z@R16.tmp
2007-05-19 21:00 1,409 Z@S17.tmp
2007-05-19 21:00 4,400 Z@R14.tmp
2007-05-19 21:00 1,409 Z@S15.tmp
2007-05-19 21:00 1,409 Z@S13.tmp
2007-05-19 21:00 21,448 Z@R12.tmp
2007-05-19 21:00 19,616 Z@R10.tmp
2007-05-19 21:00 1,409 Z@S11.tmp
2007-05-19 20:55 1,409 Z@SF.tmp
2007-05-19 20:55 5,116 Z@RE.tmp
2007-05-19 20:55 1,409 Z@SD.tmp
2007-05-19 20:55 7,628 Z@RC.tmp
2007-05-19 20:55 9,584 Z@RA.tmp
2007-05-19 20:55 1,409 Z@SB.tmp
2007-05-19 20:55 1,409 Z@S9.tmp
2007-05-19 20:55 9,392 Z@R8.tmp
2007-05-19 20:55 1,409 Z@S7.tmp
2007-05-19 20:55 4,396 Z@R6.tmp
2007-05-19 20:55 1,409 Z@S5.tmp
2007-05-19 20:55 22,372 Z@R4.tmp
2007-05-19 20:55 1,409 Z@S3.tmp
2007-05-19 20:55 19,592 Z@R2.tmp
2007-05-18 21:30 233,071 tmp2.tmp.exe
2007-05-17 18:28 40,960 tmp13.tmp.exe
2007-05-16 13:50 38,126 tmp1.tmp.dll
2007-05-15 14:59 125 C31F31E6.TMP
2007-05-11 23:43 40,960 tmp75.tmp.exe
2007-05-11 23:37 109,387 tmp74.tmp.exe
2007-05-07 18:23 516 DelUS.bat
2007-05-07 18:11 676 currentversion.txt
2007-05-06 11:08 16,384 ~DFA8E8.tmp
2007-05-03 20:41 1,995 VideoSnap.xml
2007-05-03 20:41 2,533 Theodora.xml
2007-05-03 20:41 11,579 VLogTools.xml
2007-05-03 20:41 14,138 EditTools.xml
2007-05-03 17:58 930 logierr.log
2007-05-03 17:57 80,226 BWInstall.log
2007-05-03 17:57 2,633 logitech-ldm-postinst-action.log
2007-05-03 17:57 24,613 IadHide5.dll
2007-05-03 17:57 30,899 BWDump.log
2007-05-03 17:57 720 logitech-ldm-preinst-action.log
2007-05-03 17:55 2,964 Update.txt
2007-05-03 17:54 41,259 DelDev.txt
2007-05-03 17:53 732 CamWizard.txt
2007-05-03 17:53 1,906,506 qc10install.log
2007-05-03 17:53 21,087 ModelFileHandler.log
2007-05-03 17:49 12,164 Bootstrap_log.txt
2007-04-07 14:23 43,968 Z@R1.tmp
2007-04-02 19:47 15,452 httpd-error.log
2007-04-02 19:47 464 sess_assruh4r00t553m8528klt4dn0
2007-04-02 19:44 428 sess_vjb39ci2g7k7f1hfglp03131f6
2007-04-02 19:44 428 sess_euul047vjetqdb1igselkrdhs1
2007-04-02 19:44 6 httpd.pid
2007-04-02 11:35 474 sess_ln2huh91lob3r4lieiqebi8f72
2007-04-02 11:31 428 sess_8al6v9lgcn5siftvslm744p283
2007-04-02 11:31 428 sess_qgjmuk1qirr6i0r2ojcbgvk9i4
2007-03-26 20:49 428 sess_ruidakbdehph0n80dkd241ikn0
2007-03-26 20:49 428 sess_jvjqndrs7gki1b1cd5jouvnk67
2007-03-26 20:49 428 sess_enr0nttk4a1g0s8qa6alp2g413
2007-03-26 20:43 428 sess_chje22vhoqv5of2hl6jt60ukh4
2007-03-26 20:43 429 sess_2fgdp7t2ethnnk417813c0qg55
2007-03-26 20:43 456 sess_5s6m7eotclvmkcjn9qpi26ihl5
2007-03-26 20:41 428 sess_cup1ditafn1ig1gl5jcej1v8j2
2007-03-26 20:41 456 sess_o0q8l8780c01d8h9gqrspnucu5
2007-03-26 20:40 456 sess_bkohjpndnjjk8gtgjij6853ml7
2007-03-26 20:39 456 sess_2p4bi21cvl5gpc4oufn5dd79v5
2007-03-26 20:38 428 sess_gljt8j1aaji0mocq9u9ol5hnk0
2007-03-26 20:38 428 sess_dilujtgffvgt1sud7140njdj66
2007-03-26 20:38 428 sess_qoks6pff1ujs2v4of8gnthqm92
2007-03-23 19:59 1,233 TWAIN.LOG
2007-03-23 19:59 5 Twain001.Mtx
2007-03-23 19:59 156 Twunk001.MTX
2007-03-23 19:51 408 WCESCOMM.LOG
2007-03-23 19:50 258,816 jusched.log
2007-03-23 15:16 16,384 ~DF4B06.tmp
2007-03-21 17:13 16,384 ~DF2586.tmp
2007-03-20 13:57 16,384 ~DF88FA.tmp
2007-03-19 21:25 16,384 ~DF3FE4.tmp
2007-03-19 16:21 16,384 ~DF7DCF.tmp
2007-03-18 18:23 16,384 ~DF476F.tmp
2007-03-18 13:04 16,384 ~DF7B8A.tmp
2007-03-13 09:34 16,384 ~DF5B61.tmp
2007-03-12 23:27 16,384 ~DF4FF0.tmp
2007-03-11 23:00 49 calog.txt
2007-03-11 23:00 4,490,712 WindowsUpdateAgent20-x86.exe
2007-03-11 23:00 7,280 wuredist.cab
2007-03-11 13:40 16,384 ~DF4E0C.tmp
2007-03-10 19:16 28,648 AAX23.tmp
2007-03-10 19:14 28,648 AAX1E.tmp
2007-03-10 17:26 16,384 ~DFF6E2.tmp
2007-03-10 10:49 16,384 ~DF20EC.tmp


Phew... and can you actually do something with that???

Thanks in advance for your help in any case.

Kind regards
Heike
This post was edited on 20.05.2007 at 12:44 by milkalover.