Home » Viren, Trojaner & Malware Forum » Rechner neu aufgesetzt, kurz nicht aufgepasst und nun nur Probleme » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1

Antworten

Rechner neu aufgesetzt, kurz nicht aufgepasst und nun nur Probleme

19.04.2007, 10:03

DocEvil

Member

Beiträge: 16

#1 Hi @ all, habe gerade meinen Rechner neu aufgesetzt. Nur habe ich einmal nicht genau aufgepasst, und wurde nach nem erzwungenen Neustart als gefakter Admin eingeloggt. Runterfahren war auf dem normalen Weg nicht mehr möglich, konnte nur Benutzer Wechseln ausführen. Habe dann im abgesicherten Modus so gut es mir möglich war meinen PC versucht wieder clean zu bekommen.

Hier die Logs die ich danach angefertigt habe. Die Probleme sind noch nicht ganz verschwunden. Ich bekomme immer noch Popups von irgendwelchen dubiosen Seiten.

Logs:

Logfile of HijackThis v1.99.1
Scan saved at 09:53, on 19.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FileZilla Server\FileZilla Server.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\512i digital\512id.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Snarfware\Snarfer\snarfer.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\BWMeter\BWMeter.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\internet explorer\iexplore.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programme\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [512id] C:\Programme\512i digital\512id.exe /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Snarfer] C:\Programme\Snarfware\Snarfer\snarfer.exe /startminimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: BWMeter.lnk = C:\Programme\BWMeter\BWMeter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programme\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176742898203
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Dazu muß ich saen, das ich beim ersten Aufruf von Hijackthis diese Fehlermeldung erhalte :

Combofix Logs:

"Administrator" - 07-04-19 9:26:16 Service Pack 2
ComboFix 07-04-19.1V - Running from: C:\Dokumente und Einstellungen\Administrator\Desktop\

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\pmkji.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-03-19 to 2007-04-19 ))))))))))))))))))))))))))))))))))

2007-04-19 08:47 <DIR> d-------- C:\WINDOWS\CSC
2007-04-18 13:47 125,460 --a------ C:\WINDOWS\system32\boxwguvn.dll
2007-04-18 13:36 26,714 --a------ C:\WINDOWS\system32\opnlljj.dll
2007-04-18 13:26 <DIR> d-------- C:\WINDOWS\Web Download
2007-04-18 13:20 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SlySoft
2007-04-18 13:12 <DIR> d-------- C:\Programme\Alcohol Soft
2007-04-18 12:02 <DIR> d-------- C:\Programme\YASU_1.1_7035
2007-04-18 11:50 <DIR> d-------- C:\Programme\DAEMON Tools
2007-04-18 11:50 <DIR> d-------- C:\Programme\arniWORX
2007-04-17 23:35 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2007-04-17 23:35 <DIR> d-------- C:\OpenSSL
2007-04-17 13:31 <DIR> d-------- C:\Programme\ProcessExplorer
2007-04-17 13:27 <DIR> d-------- C:\Programme\NVIDIA Corporation
2007-04-17 13:20 <DIR> d-------- C:\Programme\æTorrent
2007-04-17 12:58 <DIR> d-------- C:\Programme\QuickTime Alternative
2007-04-17 12:58 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
2007-04-17 12:56 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-17 12:56 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-04-17 12:56 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-04-17 12:56 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-04-17 12:56 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-04-17 12:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-04-17 12:56 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-04-17 12:56 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-17 12:56 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-04-17 12:56 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-04-17 12:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-04-17 12:56 <DIR> d-------- C:\Programme\K-Lite Codec Pack
2007-04-17 12:56 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Real
2007-04-17 12:56 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Real
2007-04-17 03:51 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-17 03:05 330,336 --a------ C:\WINDOWS\RCoUn.EXE
2007-04-17 03:05 <DIR> d-------- C:\Programme\RouterControl
2007-04-17 00:16 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\uTorrent
2007-04-16 23:59 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\DeskSoft
2007-04-16 23:11 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\nView_Profiles
2007-04-16 23:09 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-04-16 23:09 <DIR> d-------- C:\WINDOWS\nview
2007-04-16 22:51 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2007-04-16 22:51 208,896 --a------ C:\WINDOWS\system32\nvumctl.exe
2007-04-16 22:51 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
2007-04-16 22:51 208,896 --a------ C:\WINDOWS\system32\nvugart.exe
2007-04-16 22:51 208,896 --a------ C:\WINDOWS\system32\nvuenet.exe
2007-04-16 22:47 <DIR> d-------- C:\Temp
2007-04-16 22:35 <DIR> d-------- C:\Programme\512i digital
2007-04-16 22:34 <DIR> d-------- C:\TerraTec
2007-04-16 22:31 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Logitech
2007-04-16 22:30 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-04-16 22:30 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-04-16 22:30 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-04-16 22:30 28,176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2007-04-16 22:30 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-04-16 22:30 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-04-16 22:30 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-04-16 22:30 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-04-16 22:30 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-04-16 22:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-16 22:30 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Logitech
2007-04-16 22:29 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2007-04-16 22:29 70,801 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2007-04-16 22:29 51,729 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2007-04-16 22:29 37,887 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2007-04-16 22:29 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2007-04-16 22:29 25,505 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2007-04-16 22:29 23,375 --------- C:\WINDOWS\system32\LCOINST.DLL
2007-04-16 22:29 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2007-04-16 22:29 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2007-04-16 22:29 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2007-04-16 22:29 14,095 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-04-16 22:29 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2007-04-16 22:29 <DIR> d-------- C:\Programme\Logitech
2007-04-16 22:29 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Logitech
2007-04-16 22:27 <DIR> d-------- C:\Programme\Winwall
2007-04-16 22:27 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Winwall
2007-04-16 22:26 <DIR> d-------- C:\Programme\Symantec
2007-04-16 22:24 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-04-16 22:24 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-04-16 22:24 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-04-16 22:23 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Acronis
2007-04-16 22:23 <DIR> d-------- C:\Programme\Acronis
2007-04-16 22:20 19,584 --a------ C:\WINDOWS\system32\drivers\dsnpfd.sys
2007-04-16 22:20 <DIR> d-------- C:\Programme\MozBackup
2007-04-16 22:20 <DIR> d-------- C:\Programme\BWMeter
2007-04-16 22:16 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Thunderbird
2007-04-16 22:16 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Talkback
2007-04-16 22:05 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-16 21:59 <DIR> d-------- C:\Programme\G-Scriptv4.6
2007-04-16 21:55 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-16 21:54 <DIR> d-------- C:\NVIDIA
2007-04-16 21:24 <DIR> d-------- C:\Programme\Ahead
2007-04-16 21:19 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Ahead
2007-04-16 21:18 <DIR> d-------- C:\Program Files
2007-04-16 21:17 <DIR> d-------- C:\Programme\ICQLite
2007-04-16 21:17 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\ICQLite
2007-04-16 21:13 <DIR> d-------- C:\Programme\Nero
2007-04-16 21:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-04-16 21:13 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Nero
2007-04-16 21:06 <DIR> d-------- C:\Programme\FileZilla Server
2007-04-16 21:06 <DIR> d-------- C:\Programme\FileZilla
2007-04-16 21:02 <DIR> d-------- C:\Programme\rulesPlayer
2007-04-16 21:01 <DIR> d-------- C:\Programme\ScummVM
2007-04-16 21:01 <DIR> d-------- C:\Programme\DOSBox-0.70
2007-04-16 21:01 <DIR> d-------- C:\Programme\D-Fend
2007-04-16 20:59 <DIR> d-------- C:\Programme\Snarfware
2007-04-16 20:59 <DIR> d-------- C:\Programme\RapidCRC
2007-04-16 20:59 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Snarfware
2007-04-16 20:57 <DIR> d-------- C:\Programme\Paint.NET
2007-04-16 20:56 <DIR> d-------- C:\Programme\Google
2007-04-16 20:56 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Google
2007-04-16 20:55 <DIR> d-------- C:\Programme\Foxit Software
2007-04-16 20:54 <DIR> d-------- C:\Programme\DAMN NFO Viewer
2007-04-16 20:53 <DIR> d-------- C:\Programme\Mozilla Sunbird
2007-04-16 20:52 3,442 --a------ C:\WINDOWS\mozver.dat
2007-04-16 20:52 <DIR> d-------- C:\Programme\Mozilla Thunderbird
2007-04-16 20:31 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Lavasoft
2007-04-16 20:30 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-04-16 20:29 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-16 20:29 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-16 20:29 <DIR> dr------- C:\WINDOWS\Web
2007-04-16 20:29 <DIR> d--h----- C:\WINDOWS\inf
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system32
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\system
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\security
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\Resources
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\repair
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\Provisioning
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\PeerNet
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\pchealth
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\mui
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\msapps
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\msagent
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\Media
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\java
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\ime
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\Help
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\ehome
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\Debug
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\Config
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS\addins
2007-04-16 20:29 <DIR> d-------- C:\WINDOWS
2007-04-16 20:03 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-04-16 19:46 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\SmartFTP
2007-04-16 19:43 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-16 19:43 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-16 19:43 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-16 19:43 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-16 19:43 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-16 19:43 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-16 19:43 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-16 19:43 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-16 19:43 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-16 19:43 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-16 19:43 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-16 19:43 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-16 19:42 57,600 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-16 19:42 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-16 19:42 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-04-16 19:41 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-16 19:41 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-16 19:41 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-04-16 19:41 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-16 19:41 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-16 19:41 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-04-16 19:40 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-16 19:40 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-04-16 19:40 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-16 19:40 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-16 19:40 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-16 19:40 121,856 --a------ C:\WINDOWS\system32\TWEAKUI.EXE
2007-04-16 19:40 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-16 19:40 <DIR> d-------- C:\Programme\xp-AntiSpy
2007-04-16 19:40 <DIR> d-------- C:\Programme\winamp
2007-04-16 19:40 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-04-16 19:40 <DIR> d-------- C:\Programme\RegCleaner
2007-04-16 19:40 <DIR> d-------- C:\Programme\Lavasoft
2007-04-16 19:40 <DIR> d-------- C:\Programme\CrackDownloader
2007-04-16 19:40 <DIR> d-------- C:\Programme\Craagle
2007-04-16 19:40 <DIR> d-------- C:\Programme\CCleaner
2007-04-16 19:40 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-04-16 19:40 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\TuneUp Software
2007-04-16 19:39 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-16 19:39 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-16 19:39 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-16 19:39 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-16 19:39 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-16 19:39 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-16 19:39 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-16 19:39 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-16 19:39 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-16 19:39 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-16 19:39 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-16 19:39 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-16 19:39 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-16 19:39 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-16 19:39 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-16 19:39 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-16 19:39 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-16 19:39 <DIR> dr------- C:\Programme
2007-04-16 19:39 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-16 19:39 <DIR> d-------- C:\Programme\UltraISO
2007-04-16 19:39 <DIR> d-------- C:\Programme\OO Software
2007-04-16 19:39 <DIR> d-------- C:\Programme\IrfanView
2007-04-16 19:39 <DIR> d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines
2007-04-16 19:39 <DIR> d-------- C:\Programme\Gemeinsame Dateien\ODBC
2007-04-16 19:39 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EZB Systems
2007-04-16 19:39 <DIR> d-------- C:\Programme\Foxit PDF Reader
2007-04-16 19:39 <DIR> d-------- C:\Programme\DVD Shrink DE
2007-04-16 19:39 <DIR> d-------- C:\Programme\DVD Decrypter
2007-04-16 19:39 <DIR> d-------- C:\Programme\7-Zip
2007-04-16 19:39 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\DVD Shrink
2007-04-16 19:38 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-16 19:38 9,200 --a------ C:\WINDOWS\system\VER.DLL
2007-04-16 19:38 86,556 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-16 19:38 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-16 19:38 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-16 19:38 76,288 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-16 19:38 70,368 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-16 19:38 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-04-16 19:38 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-16 19:38 69,632 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-16 19:38 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-16 19:38 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-16 19:38 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-16 19:38 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-16 19:38 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-16 19:38 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-16 19:38 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-16 19:38 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-16 19:38 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-16 19:38 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-16 19:38 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-16 19:38 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-16 19:38 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-16 19:38 33,744 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-16 19:38 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-04-16 19:38 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-16 19:38 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-16 19:38 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-16 19:38 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-16 19:38 15,872 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-16 19:38 13,824 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-16 19:38 127,104 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-16 19:38 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-16 19:38 109,504 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-16 19:38 103,936 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-16 19:38 <DIR> dr-h----- C:\DOKUME~1\DEFAUL~1\Lokale Einstellungen
2007-04-16 19:38 <DIR> dr-h----- C:\DOKUME~1\DEFAUL~1\Anwendungsdaten
2007-04-16 19:38 <DIR> dr-h----- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten
2007-04-16 19:38 <DIR> dr------- C:\DOKUME~1\DEFAUL~1\Startmen
2007-04-16 19:38 <DIR> dr------- C:\DOKUME~1\ALLUSE~1\Startmen
2007-04-16 19:38 <DIR> dr------- C:\DOKUME~1\ALLUSE~1\Dokumente
2007-04-16 19:38 <DIR> d--h----- C:\DOKUME~1\DEFAUL~1\Vorlagen
2007-04-16 19:38 <DIR> d--h----- C:\DOKUME~1\DEFAUL~1\Netzwerkumgebung
2007-04-16 19:38 <DIR> d--h----- C:\DOKUME~1\DEFAUL~1\Druckumgebung
2007-04-16 19:38 <DIR> d--h----- C:\DOKUME~1\ALLUSE~1\Vorlagen
2007-04-16 19:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-16 19:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-16 19:38 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-16 19:38 <DIR> d-------- C:\Programme\Microsoft.NET
2007-04-16 19:38 <DIR> d-------- C:\Programme\Microsoft Works
2007-04-16 19:38 <DIR> d-------- C:\DOKUME~1\DEFAUL~1\Favoriten
2007-04-16 19:38 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Favoriten
2007-04-16 19:37 98,304 --a------ C:\WINDOWS\system32\a3d.dll
2007-04-16 19:37 577,536 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-04-16 19:37 57,344 --a------ C:\WINDOWS\system32\Qa3d.dll
2007-04-16 19:37 40,960 --a------ C:\WINDOWS\system32\Qa3dload.dll
2007-04-16 19:37 4,011,264 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-04-16 19:37 36,864 --a------ C:\WINDOWS\system32\Ftdll32.dll
2007-04-16 19:37 320,164 --a------ C:\WINDOWS\system32\drivers\fm801.sys
2007-04-16 19:37 10,528,256 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2007-04-16 19:37 10,240 --a------ C:\WINDOWS\system32\drivers\nvmpu401.sys
2007-04-16 19:37 10,107 --a------ C:\WINDOWS\system32\drivers\fmjoy.sys
2007-04-16 19:36 32,256 --a------ C:\WINDOWS\system32\drivers\nvcoam.dll
2007-04-16 19:36 294,400 --a------ C:\WINDOWS\system32\idecoi.dll
2007-04-16 19:36 248,832 --a------ C:\WINDOWS\system32\drivers\yk51x86.sys
2007-04-16 19:36 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2007-04-16 19:36 16,640 --a------ C:\WINDOWS\system32\drivers\nvcchflt.sys
2007-04-16 19:36 143,360 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-04-16 19:36 102,528 --a------ C:\WINDOWS\system32\drivers\SI3112r.sys
2007-04-16 19:36 10,368 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys
2007-04-16 19:35 4,527,488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-04-16 19:35 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-16 19:34 <DIR> d--hs---- C:\System Volume Information
2007-04-16 19:34 <DIR> d-------- C:\Dokumente und Einstellungen
2007-04-16 19:23 262,144 --a------ C:\DOKUME~1\ALLUSE~1\ntuser.dat
2007-04-16 19:23 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-04-16 19:21 <DIR> d-------- C:\Programme\MSBuild
2007-04-16 19:18 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-04-16 19:18 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SecTaskMan
2007-04-16 19:18 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Help
2007-04-16 19:17 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-04-16 19:17 <DIR> d-------- C:\Programme\Reference Assemblies
2007-04-16 19:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-16 19:16 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-16 19:16 <DIR> d-------- C:\Programme\Windows Media Connect 2
2007-04-16 19:15 <DIR> d-------- C:\WINDOWS\system32\de-de
2007-04-16 19:11 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-16 19:11 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-16 19:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-16 19:07 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
2007-04-16 19:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-04-16 19:03 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
2007-04-16 19:01 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-16 19:01 <DIR> d--hs---- C:\DOKUME~1\ADMINI~1\UserData
2007-04-16 19:01 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-16 18:59 <DIR> d--hs---- C:\RECYCLER
2007-04-16 18:52 3,145,728 --ah----- C:\DOKUME~1\ADMINI~1\NTUSER.DAT
2007-04-16 18:52 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-16 18:52 <DIR> dr-h----- C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2007-04-16 18:52 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Startmen
2007-04-16 18:52 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Favoriten
2007-04-16 18:52 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Eigene Dateien
2007-04-16 18:52 <DIR> d--h----- C:\Programme\InstallShield Installation Information
2007-04-16 18:52 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Vorlagen
2007-04-16 18:52 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2007-04-16 18:52 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2007-04-16 18:52 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Druckumgebung
2007-04-16 18:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2007-04-16 18:51 786,432 --ah----- C:\DOKUME~1\NETWOR~1\NTUSER.DAT
2007-04-16 18:51 786,432 --ah----- C:\DOKUME~1\LOCALS~1\NTUSER.DAT
2007-04-16 18:51 <DIR> d--h----- C:\DOKUME~1\NETWOR~1\Lokale Einstellungen
2007-04-16 18:51 <DIR> d--h----- C:\DOKUME~1\LOCALS~1\Lokale Einstellungen
2007-04-16 18:51 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-16 18:51 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-16 18:51 <DIR> d-------- C:\DOKUME~1\NETWOR~1\Anwendungsdaten
2007-04-16 18:51 <DIR> d-------- C:\DOKUME~1\LOCALS~1\Anwendungsdaten
2007-04-16 18:48 245,760 ---h----- C:\DOKUME~1\DEFAUL~1\NTUSER.DAT
2007-04-16 18:48 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-16 18:48 0 -rahs---- C:\MSDOS.SYS
2007-04-16 18:48 0 -rahs---- C:\IO.SYS
2007-04-16 18:48 0 --a------ C:\CONFIG.SYS
2007-04-16 18:48 0 --a------ C:\AUTOEXEC.BAT
2007-04-16 18:48 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-16 18:48 <DIR> d-------- C:\Programme\microsoft frontpage
2007-04-16 18:47 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-16 18:47 <DIR> d--hs---- C:\DOKUME~1\ALLUSE~1\DRM
2007-04-16 18:47 <DIR> d--h----- C:\Programme\WindowsUpdate
2007-04-16 18:47 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-16 18:47 <DIR> d-------- C:\Programme\Online-Dienste
2007-04-16 18:46 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-16 18:46 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-16 18:46 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-16 18:46 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-16 18:46 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-16 18:46 70,144 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-16 18:46 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-16 18:46 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-16 18:46 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-16 18:46 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-16 18:46 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-16 18:46 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-16 18:46 51,712 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-16 18:46 466,200 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-16 18:46 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-16 18:46 44,032 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-16 18:46 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-16 18:46 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-16 18:46 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-16 18:46 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-16 18:46 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-16 18:46 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-16 18:46 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-16 18:46 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-16 18:46 280,064 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-16 18:46 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-16 18:46 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-16 18:46 242,176 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-16 18:46 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-04-16 18:46 194,840 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-16 18:46 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-16 18:46 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-16 18:46 174,872 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-16 18:46 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-16 18:46 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-16 18:46 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-16 18:46 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-16 18:46 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-16 18:46 128,280 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-16 18:46 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-16 18:46 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-16 18:46 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-16 18:46 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-16 18:46 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-16 18:46 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-16 18:46 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-16 18:46 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-16 18:46 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-16 18:46 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-16 18:46 <DIR> d-------- C:\Programme\Movie Maker
2007-04-16 18:46 <DIR> d-------- C:\Programme\Gemeinsame Dateien\MSSoap
2007-04-16 18:46 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Dienste
2007-04-16 18:45 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-16 18:45 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-16 18:45 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-16 18:45 683,520 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-16 18:45 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-04-16 18:45 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-16 18:45 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-16 18:45 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-16 18:45 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-16 18:45 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-16 18:45 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-16 18:45 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-16 18:45 35,840 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-16 18:45 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-16 18:45 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-16 18:45 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-16 18:45 232,960 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-16 18:45 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-16 18:45 22,528 --a------ C:\WINDOWS\system32\msg.exe
2007-04-16 18:45 21,740 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-16 18:45 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-16 18:45 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-16 18:45 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-16 18:45 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-16 18:45 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-16 18:45 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-16 18:45 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-16 18:45 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-16 18:45 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-16 18:45 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-16 18:45 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-16 18:45 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-16 18:45 139,776 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-16 18:45 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-16 18:45 120,320 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-16 18:45 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-16 18:45 10,240 --a------ C:\WINDOWS\system32\reset.exe
2007-04-16 18:45 1,237 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-16 18:45 <DIR> d-------- C:\WINDOWS\Registration
2007-04-16 18:45 <DIR> d-------- C:\Programme\Online Services
2007-04-16 18:45 <DIR> d-------- C:\Programme\MSN Gaming Zone
2007-04-16 18:45 <DIR> d-------- C:\Programme\Messenger
2007-04-16 18:44 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-16 18:44 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-16 18:44 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-16 18:44 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-16 18:44 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-16 18:44 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-16 18:44 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-16 18:44 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-16 18:44 61,440 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-16 18:44 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-16 18:44 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-16 18:44 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-16 18:44 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-16 18:44 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-16 18:44 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-16 18:44 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-16 18:44 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-04-16 18:44 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-16 18:44 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-16 18:44 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-16 18:44 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-16 18:44 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-16 18:44 356,352 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-16 18:44 346,624 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-16 18:44 297,472 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-16 18:44 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-16 18:44 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-16 18:44 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-16 18:44 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-16 18:44 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-16 18:44 189,440 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-16 18:44 188,416 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-16 18:44 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-16 18:44 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-16 18:44 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-16 18:44 142,848 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-16 18:44 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-16 18:44 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-16 18:44 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-16 18:44 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-16 18:44 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-16 18:44 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-16 18:44 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-16 18:44 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-16 18:44 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-16 18:44 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-16 18:44 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-16 18:44 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-16 18:44 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-16 18:44 <DIR> d-------- C:\Programme\Windows NT

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-16 22:42 78360 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-16 22:42 442770 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-16 19:38 62 --ahs---- C:\DOKUME~1\ADMINI~1\ANWEND~1\desktop.ini
2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:48 579584 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:48 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:48 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:45 1844096 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-16 18:50 14368 --a------ C:\WINDOWS\system32\relog_ap.dll
2007-02-14 19:14 17440 --a------ C:\WINDOWS\system32\acrotls.dll
2007-02-14 19:05 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-02-14 19:05 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-02-14 19:01 206368 --a------ C:\WINDOWS\system32\snapapi.dll
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-22 17:23 6912 --a------ C:\WINDOWS\nvoclock.sys
2007-01-22 17:23 385024 --a------ C:\WINDOWS\ntuneoem.dll
2007-01-22 17:22 28672 --a------ C:\WINDOWS\autotunescript.dll
2007-01-22 17:22 1622016 --a------ C:\WINDOWS\nvbenchmarks.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} C:\WINDOWS\system32\opnlljj.dll
{7B14CFB9-9329-4B8B-89F0-A3C582A0ADD3} C:\WINDOWS\system32\boxwguvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"SystemTray"="SysTray.Exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"UnlockerAssistant"="\"C:\\Programme\\Unlocker\\UnlockerAssistant.exe\""
"FileZilla Server Interface"="\"C:\\Programme\\FileZilla Server\\FileZilla Server Interface.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"TrueImageMonitor.exe"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Programme\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"512id"="C:\\Programme\\512i digital\\512id.exe /minimize"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"RouterControl"="C:\\PROGRA~1\\ROUTER~1\\ROUTERCONTROL.EXE"
"NVIDIA nTune"="\"C:\\Programme\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Snarfer"="C:\\Programme\\Snarfware\\Snarfer\\snarfer.exe /startminimized"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,72,75,6e,64,6c,6c,33,32,20,\
61,64,76,70,61,63,6b,2e,64,6c,6c,2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,\
69,6f,6e,20,6e,4c,69,74,65,2e,69,6e,66,2c,43,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlljj

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0relog_ap\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-19 9:29:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-19 09:29

Code

07-04-18 13:47      281172    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pmkji.dll.vir
07-04-18 13:47      510574    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkmp.bak1.vir
07-04-19 09:27      527322    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkmp.ini.vir


Auflistung der Ordnerpfade fr Volume Main
Volumenummer: B82F-F1CE
C:\QOOBOX
\---Quarantine
    +---C
    |   \---WINDOWS
    |       \---system32
    |               ijkmp.bak1.vir
    |               ijkmp.ini.vir
    |               pmkji.dll.vir
    |               
    \---Registry_backups

datfind.bat Logs :
Datentr„ger in Laufwerk C: ist Main
Volumeseriennummer: B82F-F1CE

Verzeichnis von C:\WINDOWS\system32

19.04.2007 09:32 427.592 perfh009.dat
19.04.2007 09:32 66.376 perfc009.dat
19.04.2007 09:32 78.360 perfc007.dat
19.04.2007 09:32 442.770 perfh007.dat
19.04.2007 09:32 1.028.992 PerfStringBackup.INI
19.04.2007 09:28 88.566 nvapps.xml
19.04.2007 09:28 4.365 OODBS.lor
18.04.2007 13:47 125.460 boxwguvn.dll
18.04.2007 13:36 26.714 opnlljj.dll
18.04.2007 11:49 2.206 wpa.dbl
17.04.2007 23:35 155.648 libssl32.dll
16.04.2007 23:58 10.752 BASSMOD.dll
16.04.2007 19:43 0 h323log.txt
16.04.2007 19:42 165.912 FNTCACHE.DAT
16.04.2007 19:17 16.832 amcompat.tlb
16.04.2007 19:17 23.392 nscompat.tlb
16.04.2007 19:15 122.142 TZLog.log
16.04.2007 18:50 947 $winnt$.inf
16.04.2007 18:48 2.951 CONFIG.NT
16.04.2007 18:47 488 logonui.exe.manifest
16.04.2007 18:47 488 WindowsLogon.manifest
16.04.2007 18:47 749 wuaucpl.cpl.manifest
16.04.2007 18:47 749 cdplayer.exe.manifest
16.04.2007 18:47 749 sapi.cpl.manifest
16.04.2007 18:47 749 nwc.cpl.manifest
16.04.2007 18:47 749 ncpa.cpl.manifest
16.04.2007 18:45 21.740 emptyregdb.dat
03.04.2007 13:48 13.511.640 MRT.exe
17.03.2007 15:45 293.376 winsrv.dll
15.03.2007 18:19 1.476.992 LegitCheckControl.dll
15.03.2007 18:17 337.280 WgaTray.exe
15.03.2007 18:16 236.928 WgaLogon.dll
09.03.2007 13:51 270.336 xpsp3res.dll
08.03.2007 17:48 40.960 mf3216.dll
08.03.2007 17:48 282.112 gdi32.dll
08.03.2007 17:48 579.584 user32.dll
08.03.2007 17:45 1.844.096 win32k.sys
28.02.2007 18:02 2.059.904 ntkrnlpa.exe
28.02.2007 18:02 2.182.656 ntoskrnl.exe
21.02.2007 21:00 10.752 ff_vfw.dll
16.02.2007 18:50 14.368 relog_ap.dll
16.02.2007 10:54 49.152 QuickTime.qts
16.02.2007 10:54 65.536 QuickTimeVR.qtx
14.02.2007 19:14 17.440 acrotls.dll
14.02.2007 19:05 348.160 msvcr71.dll
14.02.2007 19:05 499.712 msvcp71.dll
14.02.2007 19:01 206.368 snapapi.dll
05.02.2007 22:18 185.856 upnphost.dll
01.02.2007 05:56 639.066 divx.dll
30.01.2007 06:03 3.596.288 qt-dx331.dll
30.01.2007 06:03 200.704 ssldivx.dll
30.01.2007 06:03 1.044.480 libdivx.dll
30.01.2007 05:56 196.608 dtu100.dll
30.01.2007 05:56 73.728 dpl100.dll
30.01.2007 01:46 69.632 KemXML.dll
30.01.2007 01:46 163.840 kemutb.dll
30.01.2007 01:46 110.592 KemWnd.dll
30.01.2007 01:46 135.168 KemUtil.dll
29.01.2007 10:58 60.416 tzchange.exe
23.01.2007 21:27 546.304 hhctrl.ocx
23.01.2007 15:45 1.419.024 WdfCoInstaller01005.dll
20.01.2007 21:26 1.565.480 wmv9vcm.dll
12.01.2007 09:27 670.720 mstime.dll
12.01.2007 09:27 132.608 extmgr.dll
12.01.2007 09:27 51.712 msfeedsbs.dll
12.01.2007 09:27 1.149.952 urlmon.dll
12.01.2007 09:27 232.960 webcheck.dll
12.01.2007 09:27 822.784 wininet.dll
12.01.2007 09:27 27.136 jsproxy.dll
12.01.2007 09:27 477.696 mshtmled.dll
12.01.2007 09:27 3.580.416 mshtml.dll
12.01.2007 09:27 6.054.400 ieframe.dll
12.01.2007 09:27 458.752 msfeeds.dll
10.01.2007 17:42 1.040.384 ieframe.dll.mui
08.01.2007 19:04 105.984 url.dll
08.01.2007 19:04 102.400 occache.dll
08.01.2007 19:03 193.024 msrating.dll
08.01.2007 19:02 1.823.744 inetcpl.cpl
08.01.2007 19:02 44.544 iernonce.dll
08.01.2007 19:02 266.752 iertutil.dll
08.01.2007 19:02 384.000 iedkcs32.dll
08.01.2007 19:02 161.792 ieakui.dll
08.01.2007 19:02 383.488 ieapfltr.dll
08.01.2007 19:02 230.400 ieaksie.dll
08.01.2007 19:02 153.088 ieakeng.dll
08.01.2007 19:00 124.928 advpack.dll
08.01.2007 18:08 56.832 ie4uinit.exe
08.01.2007 18:08 13.824 ieudinit.exe
04.01.2007 16:02 474.624 shlwapi.dll
04.01.2007 16:02 1.498.112 shdocvw.dll
04.01.2007 16:01 1.056.256 danim.dll
04.01.2007 16:01 1.022.976 browseui.dll
04.01.2007 16:01 152.064 cdfview.dll

Datentr„ger in Laufwerk C: ist Main
Volumeseriennummer: B82F-F1CE

Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

19.04.2007 09:28 16.384 ~DFB88.tmp
19.04.2007 09:28 512 ~DFE421.tmp
19.04.2007 09:28 16.384 ~DFE26D.tmp
3 Datei(en) 33.280 Bytes
0 Verzeichnis(se), 7.512.178.688 Bytes frei

Datentr„ger in Laufwerk C: ist Main
Volumeseriennummer: B82F-F1CE

Verzeichnis von C:\WINDOWS

19.04.2007 09:28 0 0.log
19.04.2007 09:28 340.836 WindowsUpdate.log
19.04.2007 09:28 2.048 bootstat.dat
19.04.2007 08:48 110.802 ntbtlog.txt
18.04.2007 13:51 2.736 SchedLgU.Txt
18.04.2007 13:25 32 autorun.INI
18.04.2007 13:18 25.026 setupapi.log
17.04.2007 13:02 1.409 QTFont.for
17.04.2007 13:02 54.156 QTFont.qfn
17.04.2007 10:40 69 NeroDigital.ini
17.04.2007 03:05 1.875 RouterControl_Uninstall.in
16.04.2007 22:30 1.057.456 setupapi.log.0.old
16.04.2007 22:05 0 nsreg.dat
16.04.2007 20:52 3.442 mozver.dat
16.04.2007 20:52 344 win.ini
16.04.2007 19:39 400 ODBC.INI
16.04.2007 19:38 231 system.ini
16.04.2007 19:11 316.640 WMSysPr9.prx
16.04.2007 18:51 8.192 REGLOCS.OLD
16.04.2007 18:48 0 control.ini
16.04.2007 18:48 4.161 ODBCINST.INI
16.04.2007 18:47 749 WindowsShell.Manifest
16.04.2007 18:45 36 vb.ini
16.04.2007 18:45 37 vbaddin.ini
04.04.2007 13:22 330.336 RCoUn.EXE
23.01.2007 15:44 101.136 KHALMNPR.Exe
22.01.2007 17:23 6.912 nvoclock.sys
22.01.2007 17:23 385.024 ntuneoem.dll
22.01.2007 17:22 1.622.016 NVBenchMarks.dll
22.01.2007 17:22 28.672 AutoTuneScript.dll
10.01.2007 00:59 217.088 NVGfxOgl.dll

Datentr„ger in Laufwerk C: ist Main
Volumeseriennummer: B82F-F1CE

Verzeichnis von C:\WINDOWS\TEMP

Datentr„ger in Laufwerk C: ist Main
Volumeseriennummer: B82F-F1CE

Verzeichnis von C:\WINDOWS\Downloaded Program Files

16.04.2007 18:47 65 desktop.ini
26.05.2005 04:19 291 wuweb.inf
2 Datei(en) 356 Bytes
0 Verzeichnis(se), 7.512.219.648 Bytes frei

Datentr„ger in Laufwerk C: ist Main
Volumeseriennummer: B82F-F1CE

Verzeichnis von C:\

19.04.2007 09:36 0 sys.txt
19.04.2007 09:35 334 down.txt
19.04.2007 09:35 108 tmp.txt
19.04.2007 09:34 4.058 system.txt
19.04.2007 09:34 383 systemtemp.txt
19.04.2007 09:33 104.872 system32.txt
19.04.2007 09:29 40.430 ComboFix.txt
18.04.2007 13:27 2 -1204817458
16.04.2007 18:52 16.204 DPsFnshr.log
16.04.2007 18:48 0 MSDOS.SYS
16.04.2007 18:48 0 AUTOEXEC.BAT
16.04.2007 18:48 0 CONFIG.SYS
16.04.2007 18:48 0 IO.SYS
16.04.2007 18:43 211 boot.ini
03.08.2004 23:59 251.184 ntldr
03.08.2004 23:38 47.564 NTDETECT.COM
23.08.2001 15:00 4.952 bootfont.bin
17 Datei(en) 470.302 Bytes
0 Verzeichnis(se), 7.512.215.552 Bytes frei

wäre lieb von euch wenn mir jemand helfen könnte, diese Fehler zu beheben.

19.04.2007, 10:47

Chris4You

Member

Beiträge: 694

#2 Hi,

virustotal:
File bitte prüfen da unbekannt, falls dieses
als Virus/Trojaner erkannt wird, bitte
File mit Pfad beim Avengerscrip (Files to
delete) ergänzen (+ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B14CFB9-9329-4B8B-89F0-A3C582A0ADD3} bei keys do delete)!

Zitat

C:\WINDOWS\system32\boxwguvn.dll

http://www.virustotal.com/flash/index_en.html
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen

Also:
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (anhaken)
kopiere in: View/edit script

Zitat

Registry values to delete:

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlljj

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}

Registry values to replace with dummy:

Files to delete:
C:\WINDOWS\system32\opnlljj.dll

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

scanne mit ewido und poste den scanreport & neues Hijackthislog
http://virus-protect.org/onlinescan.html

Chris

Dieser Beitrag wurde am 19.04.2007 um 10:52 Uhr von Chris4You editiert.

19.04.2007, 10:57

DocEvil

Member

Themenstarter

Beiträge: 16

#3 die Virenscanner bei Virustotal sind sich nicht einig obs nenVirus ist oder nicht, hier die Ergebnisse des Scans :

Antivirus Version Update Result
AhnLab-V3 2007.4.19.1 04.19.2007 no virus found
AntiVir 7.3.1.53 04.19.2007 TR/Agent.125460
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.19.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.19.2007 no virus found
CAT-QuickHeal 9.00 04.18.2007 no virus found
ClamAV devel-20070416 04.19.2007 no virus found
DrWeb 4.33 04.19.2007 no virus found
eSafe 7.0.15.0 04.18.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3579 04.19.2007 no virus found
Ewido 4.0 04.18.2007 no virus found
FileAdvisor 1 04.19.2007 no virus found
Fortinet 2.85.0.0 04.19.2007 no virus found
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.19.2007 no virus found
Ikarus T3.1.1.5 04.19.2007 MalwareScope.Trojan-Spy.BZub.1
Kaspersky 4.0.2.24 04.19.2007 no virus found
McAfee 5012 04.18.2007 no virus found
Microsoft 1.2405 04.19.2007 no virus found
NOD32v2 2203 04.19.2007 no virus found
Norman 5.80.02 04.19.2007 no virus found
Panda 9.0.0.4 04.18.2007 Suspicious file
Prevx1 V2 04.19.2007 no virus found
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 no virus found
Symantec 10 04.19.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.18.2007 no virus found
VirusBuster 4.3.7:9 04.18.2007 no virus found
Webwasher-Gateway 6.0.1 04.19.2007 Trojan.Agent.125460

Aditional Information
File size: 125460 bytes
MD5: 9fe0b11d3dc4a5460af58d357230f744
SHA1: 54e0d6a8a03126fcbbfa716b7c50ac6aecbc4b21
packers: MORPHINE

Da andre was du geschrieben hast führe ich nach diesem Post aus.

19.04.2007, 11:47

Chris4You

Member

Beiträge: 694

#4 Hmm,

ich tendiere dazu im abgesicherten die Datei umzubennen...
Dann ist die Wiederherstellung einfacher, als sie aus dem Avengerbackup heraus zuholen, wenn etwas nicht mehr läuft....

Schicke die Datei (C:\WINDOWS\system32\boxwguvn.dll) bitte an virus@protecus.de...

Chris

19.04.2007, 11:49

DocEvil

Member

Themenstarter

Beiträge: 16

#5 so hier einmal die Ergebnisse von Evido:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Quarterserver
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ads-205.quarterserver[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@atdmt[1].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@cpvfeed[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@edge.ru4[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Ivwbox
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ivwbox[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Etracker
Path: C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@www.etracker[1].txt
Risk: Medium

Name: Not-A-Virus.RemoteAdmin.Win32.NetCat
Path: C:\Dokumente und Einstellungen\Administrator\Desktop\Komplettpaket\Reconnect\Fritz!Box\bat\nc.exe
Risk: Low

Name: Not-A-Virus.RemoteAdmin.Win32.NetCat
Path: C:\Dokumente und Einstellungen\Administrator\Desktop\Komplettpaket\Reconnect\Fritz!Box\bat2\nc.exe
Risk: Low

Name: Not-A-Virus.RemoteAdmin.Win32.NetCat
Path: C:\Dokumente und Einstellungen\Administrator\Desktop\Komplettpaket\Reconnect\Fritz!Box\exe\nc.exe
Risk: Low

Name: Not-A-Virus.RemoteAdmin.Win32.NetCat
Path: C:\Dokumente und Einstellungen\Administrator\Desktop\Komplettpaket\Reconnect\Fritz!Box\FritzBoxDisconnect.rar/exe\nc.exe
Risk: Low

und hier nochmal das aktuelle Log von Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 11:46, on 19.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\512i digital\512id.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Snarfware\Snarfer\snarfer.exe
C:\Programme\FileZilla Server\FileZilla Server.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\Programme\BWMeter\BWMeter.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programme\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [512id] C:\Programme\512i digital\512id.exe /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [gmbpwjsl] C:\tflkvfes.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Snarfer] C:\Programme\Snarfware\Snarfer\snarfer.exe /startminimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: BWMeter.lnk = C:\Programme\BWMeter\BWMeter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programme\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176742898203
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

19.04.2007, 12:33

Chris4You

Member

Beiträge: 694

#6 Hi,

soweit so gut, nur was ist das hier:

O4 - HKLM\..\Run: [gmbpwjsl] C:\tflkvfes.bat

Schau Dir mal die Datei näher an ...

Soweit ist das Log OK....

Chris

19.04.2007, 13:03

DocEvil

Member

Themenstarter

Beiträge: 16

Zitat

Chris4You postete
Hi,

soweit so gut, nur was ist das hier:

O4 - HKLM\..\Run: [gmbpwjsl] C:\tflkvfes.bat

Schau Dir mal die Datei näher an ...

Soweit ist das Log OK....

Chris

das war ne Batchdatei vom Avenger.

hmm, irgendwas ist immer noch nicht ganz in Ordnung, oder gibt es hier im Forum Werbe-Popups ???
Weil das ist zur Zeit die einzige Seite die ich aufhabe, und es wird ne neuse Seite mit dieser URL geladen :
hxp://w**.hollywood.com/?CMP=OTC-gen0407innov

Dieser Beitrag wurde am 19.04.2007 um 13:09 Uhr von DocEvil editiert.

19.04.2007, 13:46

Chris4You

Member

Beiträge: 694

#8 Hi,

dann bleibt nur noch DealioSearch...
Bitte fixen und per Avenger löschen...

combo-Scan
- Systeminformationen
- Installierte Programme
- New Files created
- Autostart entries
http://virus-protect.org/artikel/tools/comboscan.html

Chris

19.04.2007, 14:04

DocEvil

Member

Themenstarter

Beiträge: 16

#9 hier das Log von ComboScan :

ComboScan v20070306.20 run by Administrator on 2007-04-19 at 13:52:10
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: AMD Athlon(tm) XP 3000+
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1023.48 MiB / 698.03 MiB
Pagefile Memory (total/avail): 2464.67 MiB / 2209.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1994.52 MiB

C: is Fixed (NTFS) - 14.65 GiB total, 9.15 GiB free.
D: is Fixed (NTFS) - 3 GiB total, 1.49 GiB free.
E: is Fixed (NTFS) - 120.01 GiB total, 1.01 GiB free.
F: is Fixed (NTFS) - 160.42 GiB total, 14.6 GiB free.
G: is Fixed (NTFS) - 97.65 GiB total, 39.9 GiB free.
H: is Fixed (NTFS) - 135.22 GiB total, 43.91 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is Fixed (NTFS) - 298.09 GiB total, 4.13 GiB free.
L: is Fixed (NTFS) - 9.77 GiB total, 9.72 GiB free.
M: is Fixed (NTFS) - 100.45 GiB total, 100.38 GiB free.
N: is Fixed (NTFS) - 79.7 GiB total, 79.63 GiB free.
O: is CDROM (No Media)
P: is CDROM (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: Avira AntiVir PersonalEdition v 6.38.1.3
(Avira GmbH)

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Administrator
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=1
OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\Gemeinsame Dateien\Ahead\Lib
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
TMP=C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Administrator
USERPROFILE=C:\Dokumente und Einstellungen\Administrator
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
512i digital ControlPanel (remove only) --> "C:\Programme\512i digital\uninst.exe"
7-Zip 4.45 beta --> "C:\Programme\7-Zip\Uninstall.exe"
AcronisTrueImageHome --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
arniWORX awxDTools - Daemon-Tools ShellExtension - 1.0.6.0 --> "C:\Programme\DAEMON Tools\unins000.exe"
Avira AntiVir PersonalEdition Classic --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BWMeter V2.6.4 --> C:\Programme\BWMeter\Uninstall.exe
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CleanUp! --> C:\Programme\CleanUp!\uninstall.exe
D-Fend v2 --> "C:\Programme\D-Fend\uninstall.exe"
DVD Decrypter (Remove Only) --> "C:\Programme\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 deutsch --> "C:\Programme\DVD Shrink DE\unins000.exe"
FileZilla (remove only) --> "C:\Programme\FileZilla\uninstall.exe"
FileZilla Server (remove only) --> "C:\Programme\FileZilla Server\uninstall.exe"
Foxit Reader --> C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7 -removeonly
HijackThis 1.99.1 --> C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe /uninstall
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ 5.1 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE
IrfanView (remove only) --> C:\Programme\IrfanView\iv_uninstall.exe
K-Lite Mega Codec Pack 1.71 --> "C:\Programme\K-Lite Codec Pack\unins000.exe"
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x7 -l0007 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "C:\Programme\G-Scriptv4.6\mircG4.6.exe" -uninstall
MozBackup 1.4.6 --> "C:\Programme\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.3) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3.1) --> C:\Programme\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (1.5) --> C:\Programme\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (de)"
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 7 Ultra Edition --> MsiExec.exe /I{42F7C377-2A1F-44FB-A17F-053C29E81031}
Nero MediaHome CE --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
Norton PartitionMagic 8.0 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1031
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
OpenSSL 0.9.6m --> C:\OpenSSL\unins000.exe
Paint.NET v3.05 --> MsiExec.exe /X{6A8DEA40-B4AA-4687-B9F8-4E8185E65B05}
PropertiesPlus (Remove Only) --> C:\WINDOWS\system32\ShellExt\ppsetup.exe /uninstall
QuickTime Alternative 1.80 --> "C:\Programme\QuickTime Alternative\unins000.exe"
RapidCRC 0.6.1 --> C:\Programme\RapidCRC\uninst.exe
Realtek AC'97 Audio --> Alcrmv.exe -r -m
RouterControl 1.80 --> C:\WINDOWS\RCoUn.EXE /UnInst:"C:\WINDOWS\RouterControl_Uninstall.in"
rulesPlayer 0.99 --> "C:\Programme\rulesPlayer\rulesuninstall.exe"
ScummVM 0.9.1 --> "C:\Programme\ScummVM\unins000.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Snarfer --> C:\Programme\Snarfware\Snarfer\uninstall.exe
Spybot - Search & Destroy 1.4 --> "C:\Programme\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
UltraISO Premium V8.51 --> "C:\Programme\UltraISO\unins000.exe"
Unlocker 1.8.5 --> C:\Programme\Unlocker\uninst.exe
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update für Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Winamp (remove only) --> "C:\Programme\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Presentation Foundation Language Pack (DEU) --> MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows Workflow Foundation DE Language Pack --> MsiExec.exe /I{7228FD8C-3B9E-4204-AE36-8A466107685B}
WinRAR --> C:\Programme\WinRAR\uninstall.exe
Winwall v2.1 --> C:\Programme\Winwall\unins000.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
xp-AntiSpy 3.96-4 --> C:\Programme\xp-AntiSpy\Uninstall.exe

-- End of ComboScan: finished at 2007-04-19 at 13:53:39 ------------------------

hier noch die Daten von Supplementary.txt:

ComboScan v20070306.20 run by Administrator on 2007-04-19 at 13:52:10
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: AMD Athlon(tm) XP 3000+
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1023.48 MiB / 698.03 MiB
Pagefile Memory (total/avail): 2464.67 MiB / 2209.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1994.52 MiB

C: is Fixed (NTFS) - 14.65 GiB total, 9.15 GiB free.
D: is Fixed (NTFS) - 3 GiB total, 1.49 GiB free.
E: is Fixed (NTFS) - 120.01 GiB total, 1.01 GiB free.
F: is Fixed (NTFS) - 160.42 GiB total, 14.6 GiB free.
G: is Fixed (NTFS) - 97.65 GiB total, 39.9 GiB free.
H: is Fixed (NTFS) - 135.22 GiB total, 43.91 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is Fixed (NTFS) - 298.09 GiB total, 4.13 GiB free.
L: is Fixed (NTFS) - 9.77 GiB total, 9.72 GiB free.
M: is Fixed (NTFS) - 100.45 GiB total, 100.38 GiB free.
N: is Fixed (NTFS) - 79.7 GiB total, 79.63 GiB free.
O: is CDROM (No Media)
P: is CDROM (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: Avira AntiVir PersonalEdition v 6.38.1.3
(Avira GmbH)

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Administrator
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=1
OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\Gemeinsame Dateien\Ahead\Lib
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
TMP=C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Administrator
USERPROFILE=C:\Dokumente und Einstellungen\Administrator
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
512i digital ControlPanel (remove only) --> "C:\Programme\512i digital\uninst.exe"
7-Zip 4.45 beta --> "C:\Programme\7-Zip\Uninstall.exe"
AcronisTrueImageHome --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
arniWORX awxDTools - Daemon-Tools ShellExtension - 1.0.6.0 --> "C:\Programme\DAEMON Tools\unins000.exe"
Avira AntiVir PersonalEdition Classic --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BWMeter V2.6.4 --> C:\Programme\BWMeter\Uninstall.exe
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CleanUp! --> C:\Programme\CleanUp!\uninstall.exe
D-Fend v2 --> "C:\Programme\D-Fend\uninstall.exe"
DVD Decrypter (Remove Only) --> "C:\Programme\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 deutsch --> "C:\Programme\DVD Shrink DE\unins000.exe"
FileZilla (remove only) --> "C:\Programme\FileZilla\uninstall.exe"
FileZilla Server (remove only) --> "C:\Programme\FileZilla Server\uninstall.exe"
Foxit Reader --> C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7 -removeonly
HijackThis 1.99.1 --> C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe /uninstall
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ 5.1 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE
IrfanView (remove only) --> C:\Programme\IrfanView\iv_uninstall.exe
K-Lite Mega Codec Pack 1.71 --> "C:\Programme\K-Lite Codec Pack\unins000.exe"
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x7 -l0007 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "C:\Programme\G-Scriptv4.6\mircG4.6.exe" -uninstall
MozBackup 1.4.6 --> "C:\Programme\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.3) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3.1) --> C:\Programme\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (1.5) --> C:\Programme\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (de)"
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 7 Ultra Edition --> MsiExec.exe /I{42F7C377-2A1F-44FB-A17F-053C29E81031}
Nero MediaHome CE --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
Norton PartitionMagic 8.0 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1031
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
OpenSSL 0.9.6m --> C:\OpenSSL\unins000.exe
Paint.NET v3.05 --> MsiExec.exe /X{6A8DEA40-B4AA-4687-B9F8-4E8185E65B05}
PropertiesPlus (Remove Only) --> C:\WINDOWS\system32\ShellExt\ppsetup.exe /uninstall
QuickTime Alternative 1.80 --> "C:\Programme\QuickTime Alternative\unins000.exe"
RapidCRC 0.6.1 --> C:\Programme\RapidCRC\uninst.exe
Realtek AC'97 Audio --> Alcrmv.exe -r -m
RouterControl 1.80 --> C:\WINDOWS\RCoUn.EXE /UnInst:"C:\WINDOWS\RouterControl_Uninstall.in"
rulesPlayer 0.99 --> "C:\Programme\rulesPlayer\rulesuninstall.exe"
ScummVM 0.9.1 --> "C:\Programme\ScummVM\unins000.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Snarfer --> C:\Programme\Snarfware\Snarfer\uninstall.exe
Spybot - Search & Destroy 1.4 --> "C:\Programme\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
UltraISO Premium V8.51 --> "C:\Programme\UltraISO\unins000.exe"
Unlocker 1.8.5 --> C:\Programme\Unlocker\uninst.exe
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update für Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Winamp (remove only) --> "C:\Programme\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Presentation Foundation Language Pack (DEU) --> MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows Workflow Foundation DE Language Pack --> MsiExec.exe /I{7228FD8C-3B9E-4204-AE36-8A466107685B}
WinRAR --> C:\Programme\WinRAR\uninstall.exe
Winwall v2.1 --> C:\Programme\Winwall\unins000.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
xp-AntiSpy 3.96-4 --> C:\Programme\xp-AntiSpy\Uninstall.exe

-- End of ComboScan: finished at 2007-04-19 at 13:53:39 ------------------------

bin nun zur Arbeit. werde dann wenn ich auf der Arbeit bin, hier wieder reinsehen und dann heute Nacht die Vorschläge abarbeiten.

19.04.2007, 14:42

Chris4You

Member

Beiträge: 694

#10 Hi,

hast Du die Datei geschickt (C:\WINDOWS\system32\boxwguvn.dll)?

Ist bisher noch nicht angekommen, bitte nochmal schicken, dann Datei mit Passwort packen (Passwort im Text angeben).

Hast Du "O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programme\Dealio\kb103\res\DealioSearch.html" gelöscht/gefixt?

Eigentlich müsste eine BHO rumhängen, finde aber keines...

Chris

19.04.2007, 15:57

DocEvil

Member

Themenstarter

Beiträge: 16

#11 ja, die Datei habe ich geschickt, Raman hatte mir per Mail schon geantwortet.

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programme\Dealio\kb103\res\DealioSearch.html
die hatte ich manuell über Hijackthis schon gelöscht.
Bin dann nochmal in Systemsteuerung ->Software gegangen und habe gesehen, das das Ding noch nen InstallerEintrag dort hatte. Habe es dann dort nochmal deinstalliert.

Bevor ich zzur Arbeit unterwegs war habe ich im IE7 nochmal reingesehen.
Unter den Addons ist einmal die C:\WINDOWS\system32\boxwguvn.dll aufgeführt und einmal ein Browser Helper Objekt.
Deaktivieren kann ich wohl beide, auch nach nem Schließen und wieder öffnen des Browsers bleiben die Einträge deaktiviert.
Nur nach einem Neustart sind sie wieder aktiv.
Das heißt irgendwas muß noch ausgeführt werden beim Rechnerstart.

19.04.2007, 16:29

Chris4You

Member

Beiträge: 694

#12 Hi,

habe jetzt auch Info von raman bekommen, war Maleware...
(Damit würde sich wahrscheinlich Avira über ein Email mit Anhang von Dir freuen) :o)...

Dann probieren wir jetzt die finale Lösung:
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (anhaken)
kopiere in: View/edit script

Zitat

Registry values to delete:

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B14CFB9-9329-4B8B-89F0-A3C582A0ADD3}

Registry values to replace with dummy:

Files to delete:
C:\WINDOWS\system32\boxwguvn.dll

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

Danach noch mal Hijackthis u. kontrollieren ob wir sie erwischt haben...
Wenn Sie wieder auftaucht, dann hängt ein loader rum (der sich gut tarnt)...
W32/Agogot-JS tarnt sich als SOUNDMAN.EXE (mit RUN und als Dienst -> bei Dir
nur unter RUN, kannst ja mal prüfen lassen virustotal [ausserdem ändert er die Hosts-Datei]), andere Möglichkeit: services.exe (Troj/Ciadoor)->C:\WINDOWS\system32\services.exe)

Okay, prüfe Beide über virustotal.

Wenn ich heute abend zeit habe, schaue ich noch mal rein...

chris

Dieser Beitrag wurde am 19.04.2007 um 16:52 Uhr von Chris4You editiert.

19.04.2007, 16:49

DocEvil

Member

Themenstarter

Beiträge: 16

#13 wo du Soundman.Exe erwähnst....ich habe die tatsächlich drauf. Das merkwürde ist nur, bei mir ist momentan der Onboard Sound (nforce2 Soundlösung von NVidia) im Bios ausgeschaltet, und ich habe ne Terratec 512i digital als PCI Karte eingebaut, da ich den Joystickport bald wieder benötige.

Normalerweise ist bei der richtigen Soundman.exe ja unten im Systray neben der Uhr ja auch son blaues Icon....das fehlt dort. Auch wenn die Soundman exe ausgeführt wird.

Damit kann ich wohl sicher sein das sich wohl dahinter der von dir erwähnte Loader verbirgt.
Aber ich teste nachher erstmal wenn ich um 23.00 Uhr wieder @ Home bin nochmal mit dem Avenger und schaue dann mal was dann los ist.

Später mehr.

Edit um 01:49 Uhr:

Also habe nochmal den Avenger drauf angesetzt wie zuletzt gefordert.
Habe dann die Hijackthis.exe aufgrund der Empfehlung von einem Freund umbenannt und nochmal gescannt. Damit habe ich dann noch zwei versteckte Einträge finden können. Die habe ich dann mit Hijackthis fixen lassen.

Im Anschluß daran habe ich einmal Ad Aware und Spybot Search und Destroy durchlaufen lassen. Beide Tools nix gefunden.
Danach dann die beiden Online Malware Scanner von Ewido und A-Squared ausgeführt. Deren Funde noch gefixt.

So, nun hier die bereinigten Logs hoffentlich :
das erste Log mit der nicht umbenannten Hijackthis.exe

Logfile of HijackThis v1.99.1
Scan saved at 01:29, on 20.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programme\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [512id] C:\Programme\512i digital\512id.exe /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Snarfer] C:\Programme\Snarfware\Snarfer\snarfer.exe /startminimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: BWMeter.lnk = C:\Programme\BWMeter\BWMeter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176742898203
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

das zweite Log mit der umbenannten Hijackthis.exe:

Logfile of HijackThis v1.99.1
Scan saved at 01:31, on 20.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programme\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [512id] C:\Programme\512i digital\512id.exe /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Snarfer] C:\Programme\Snarfware\Snarfer\snarfer.exe /startminimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: BWMeter.lnk = C:\Programme\BWMeter\BWMeter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176742898203
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Combofix Infos :

Code

"Administrator" - 07-04-20  1:38:25    Service Pack 2  
ComboFix 07-04-19.1V - Running from: C:\Dokumente und Einstellungen\Administrator\Desktop\


(((((((((((((((((((((((((((((((   Files Created from 2007-03-20 to 2007-04-20  ))))))))))))))))))))))))))))))))))


2007-04-20 00:50    <DIR>    d--------    C:\Programme\Seagate
2007-04-19 13:37    504,379    ---hs----    C:\WINDOWS\system32\fhhkj.ini2
2007-04-19 13:24    43,584    --a------    C:\WINDOWS\system32\drivers\avipbb.sys
2007-04-19 13:24    28,352    --a------    C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-04-19 09:38    481,577    ---hs----    C:\WINDOWS\system32\fhhkj.bak1
2007-04-19 08:47    <DIR>    d--------    C:\WINDOWS\CSC
2007-04-18 13:26    <DIR>    d--------    C:\WINDOWS\Web Download
2007-04-18 13:20    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\SlySoft
2007-04-18 13:12    <DIR>    d--------    C:\Programme\Alcohol Soft
2007-04-18 12:02    <DIR>    d--------    C:\Programme\YASU_1.1_7035
2007-04-18 11:50    <DIR>    d--------    C:\Programme\DAEMON Tools
2007-04-18 11:50    <DIR>    d--------    C:\Programme\arniWORX
2007-04-17 23:35    155,648    --a------    C:\WINDOWS\system32\libssl32.dll
2007-04-17 23:35    <DIR>    d--------    C:\OpenSSL
2007-04-17 13:31    <DIR>    d--------    C:\Programme\ProcessExplorer
2007-04-17 13:27    <DIR>    d--------    C:\Programme\NVIDIA Corporation
2007-04-17 13:20    <DIR>    d--------    C:\Programme\æTorrent
2007-04-17 12:58    <DIR>    d--------    C:\Programme\QuickTime Alternative
2007-04-17 12:58    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
2007-04-17 12:56    765,952    --a------    C:\WINDOWS\system32\xvidcore.dll
2007-04-17 12:56    73,728    --a------    C:\WINDOWS\system32\dpl100.dll
2007-04-17 12:56    639,066    --a------    C:\WINDOWS\system32\divx.dll
2007-04-17 12:56    3,596,288    --a------    C:\WINDOWS\system32\qt-dx331.dll
2007-04-17 12:56    217,088    --a------    C:\WINDOWS\system32\yv12vfw.dll
2007-04-17 12:56    200,704    --a------    C:\WINDOWS\system32\ssldivx.dll
2007-04-17 12:56    196,608    --a------    C:\WINDOWS\system32\dtu100.dll
2007-04-17 12:56    180,224    --a------    C:\WINDOWS\system32\xvidvfw.dll
2007-04-17 12:56    10,752    --a------    C:\WINDOWS\system32\ff_vfw.dll
2007-04-17 12:56    1,565,480    --a------    C:\WINDOWS\system32\wmv9vcm.dll
2007-04-17 12:56    1,044,480    --a------    C:\WINDOWS\system32\libdivx.dll
2007-04-17 12:56    <DIR>    d--------    C:\Programme\K-Lite Codec Pack
2007-04-17 12:56    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\Real
2007-04-17 12:56    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Real
2007-04-17 03:51    682,232    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2007-04-17 03:05    330,336    --a------    C:\WINDOWS\RCoUn.EXE
2007-04-17 03:05    <DIR>    d--------    C:\Programme\RouterControl
2007-04-17 00:16    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\uTorrent
2007-04-16 23:59    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\DeskSoft
2007-04-16 23:11    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\nView_Profiles
2007-04-16 23:09    208,896    --a------    C:\WINDOWS\system32\nvudisp.exe
2007-04-16 23:09    <DIR>    d--------    C:\WINDOWS\nview
2007-04-16 22:51    208,896    --a------    C:\WINDOWS\system32\nvusmb.exe
2007-04-16 22:51    208,896    --a------    C:\WINDOWS\system32\nvumctl.exe
2007-04-16 22:51    208,896    --a------    C:\WINDOWS\system32\nvuide.exe
2007-04-16 22:51    208,896    --a------    C:\WINDOWS\system32\nvugart.exe
2007-04-16 22:51    208,896    --a------    C:\WINDOWS\system32\nvuenet.exe
2007-04-16 22:47    <DIR>    d--------    C:\Temp
2007-04-16 22:35    <DIR>    d--------    C:\Programme\512i digital
2007-04-16 22:34    <DIR>    d--------    C:\TerraTec
2007-04-16 22:31    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Logitech
2007-04-16 22:30    69,632    --a------    C:\WINDOWS\system32\KemXML.dll
2007-04-16 22:30    34,576    --a------    C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-04-16 22:30    33,296    --a------    C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-04-16 22:30    28,176    --a------    C:\WINDOWS\system32\drivers\LUsbFilt.sys
2007-04-16 22:30    163,840    --a------    C:\WINDOWS\system32\kemutb.dll
2007-04-16 22:30    135,168    --a------    C:\WINDOWS\system32\KemUtil.dll
2007-04-16 22:30    110,592    --a------    C:\WINDOWS\system32\KemWnd.dll
2007-04-16 22:30    101,136    --a------    C:\WINDOWS\KHALMNPR.Exe
2007-04-16 22:30    1,419,024    --a------    C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-04-16 22:30    <DIR>    d----c---    C:\WINDOWS\system32\DRVSTORE
2007-04-16 22:30    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\Logitech
2007-04-16 22:29    97,792    --a------    C:\WINDOWS\system32\LGUICOM.DLL
2007-04-16 22:29    70,801    --a------    C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2007-04-16 22:29    51,729    ---------    C:\WINDOWS\system32\drivers\L8042PR2.SYS
2007-04-16 22:29    37,887    --a------    C:\WINDOWS\system32\drivers\LHidUsb.sys
2007-04-16 22:29    3,568    --a------    C:\WINDOWS\system32\LMOUSE16.DLL
2007-04-16 22:29    25,505    --a------    C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2007-04-16 22:29    23,375    ---------    C:\WINDOWS\system32\LCOINST.DLL
2007-04-16 22:29    19,968    ---------    C:\WINDOWS\LOGI_MWX.EXE
2007-04-16 22:29    16,896    --a------    C:\WINDOWS\system32\LMOUSE32.DLL
2007-04-16 22:29    152,064    ---------    C:\WINDOWS\system32\lmoufrc.dll
2007-04-16 22:29    14,095    ---------    C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-04-16 22:29    104,960    --a------    C:\WINDOWS\system32\COMNCTR.DLL
2007-04-16 22:29    <DIR>    d--------    C:\Programme\Logitech
2007-04-16 22:29    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\Logitech
2007-04-16 22:27    <DIR>    d--------    C:\Programme\Winwall
2007-04-16 22:27    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Winwall
2007-04-16 22:26    <DIR>    d--------    C:\Programme\Symantec
2007-04-16 22:24    392,320    --a------    C:\WINDOWS\system32\drivers\timntr.sys
2007-04-16 22:24    32,768    --a------    C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-04-16 22:24    114,048    --a------    C:\WINDOWS\system32\drivers\snapman.sys
2007-04-16 22:23    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\Acronis
2007-04-16 22:23    <DIR>    d--------    C:\Programme\Acronis
2007-04-16 22:20    19,584    --a------    C:\WINDOWS\system32\drivers\dsnpfd.sys
2007-04-16 22:20    <DIR>    d--------    C:\Programme\MozBackup
2007-04-16 22:20    <DIR>    d--------    C:\Programme\BWMeter
2007-04-16 22:16    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Thunderbird
2007-04-16 22:16    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Talkback
2007-04-16 22:05    0    --a------    C:\WINDOWS\nsreg.dat
2007-04-16 21:59    <DIR>    d--------    C:\Programme\G-Scriptv4.6
2007-04-16 21:55    <DIR>    d--------    C:\WINDOWS\system32\ReinstallBackups
2007-04-16 21:54    <DIR>    d--------    C:\NVIDIA
2007-04-16 21:24    <DIR>    d--------    C:\Programme\Ahead
2007-04-16 21:19    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Ahead
2007-04-16 21:18    <DIR>    d--------    C:\Program Files
2007-04-16 21:17    <DIR>    d--------    C:\Programme\ICQLite
2007-04-16 21:17    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\ICQLite
2007-04-16 21:13    <DIR>    d--------    C:\Programme\Nero
2007-04-16 21:13    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\Ahead
2007-04-16 21:13    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\Nero
2007-04-16 21:06    <DIR>    d--------    C:\Programme\FileZilla Server
2007-04-16 21:06    <DIR>    d--------    C:\Programme\FileZilla
2007-04-16 21:02    <DIR>    d--------    C:\Programme\rulesPlayer
2007-04-16 21:01    <DIR>    d--------    C:\Programme\ScummVM
2007-04-16 21:01    <DIR>    d--------    C:\Programme\DOSBox-0.70
2007-04-16 21:01    <DIR>    d--------    C:\Programme\D-Fend
2007-04-16 20:59    <DIR>    d--------    C:\Programme\Snarfware
2007-04-16 20:59    <DIR>    d--------    C:\Programme\RapidCRC
2007-04-16 20:59    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Snarfware
2007-04-16 20:57    <DIR>    d--------    C:\Programme\Paint.NET
2007-04-16 20:56    <DIR>    d--------    C:\Programme\Google
2007-04-16 20:56    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Google
2007-04-16 20:55    <DIR>    d--------    C:\Programme\Foxit Software
2007-04-16 20:54    <DIR>    d--------    C:\Programme\DAMN NFO Viewer
2007-04-16 20:53    <DIR>    d--------    C:\Programme\Mozilla Sunbird
2007-04-16 20:52    3,442    --a------    C:\WINDOWS\mozver.dat
2007-04-16 20:52    <DIR>    d--------    C:\Programme\Mozilla Thunderbird
2007-04-16 20:31    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Lavasoft
2007-04-16 20:30    <DIR>    d--------    C:\WINDOWS\system32\oodag
2007-04-16 20:29    <DIR>    dr-hsc---    C:\WINDOWS\system32\dllcache
2007-04-16 20:29    <DIR>    dr--s----    C:\WINDOWS\Fonts
2007-04-16 20:29    <DIR>    dr-------    C:\WINDOWS\Web
2007-04-16 20:29    <DIR>    d--h-----    C:\WINDOWS\inf
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\WinSxS
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\twain_32
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\wins
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\wbem
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\usmt
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\spool
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\ShellExt
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\Setup
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\ras
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\PreInstall
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\oobe
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\npp
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\mui
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\Macromed
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\inetsrv
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\IME
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\icsxml
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\ias
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\export
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\drivers\etc
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\drivers\disdn
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\drivers
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\dhcp
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\config
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\3com_dmi
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\3076
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\2052
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\1054
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\1042
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\1041
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\1037
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\1033
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\1031
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\1028
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32\1025
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system32
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\system
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\security
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\Resources
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\repair
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\Provisioning
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\PeerNet
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\pchealth
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\mui
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\msapps
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\msagent
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\Media
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\java
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\ime
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\Help
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\ehome
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\Driver Cache
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\Debug
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\Cursors
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\Connection Wizard
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\Config
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\AppPatch
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS\addins
2007-04-16 20:29    <DIR>    d--------    C:\WINDOWS
2007-04-16 20:03    <DIR>    d--------    C:\WINDOWS\system32\appmgmt
2007-04-16 19:46    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\SmartFTP
2007-04-16 19:43    82,944    --a------    C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-16 19:43    7,552    --a------    C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-16 19:43    60,800    --a------    C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-16 19:43    6,400    --a------    C:\WINDOWS\system32\drivers\splitter.sys
2007-04-16 19:43    54,272    --a------    C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-16 19:43    52,864    --a------    C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-16 19:43    5,376    --a------    C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-16 19:43    4,992    --a------    C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-16 19:43    3,072    --a------    C:\WINDOWS\system32\drivers\audstub.sys
2007-04-16 19:43    2,944    --a------    C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-16 19:43    172,416    --a------    C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-16 19:43    142,464    --a------    C:\WINDOWS\system32\drivers\aec.sys
2007-04-16 19:42    57,600    --a------    C:\WINDOWS\system32\drivers\redbook.sys
2007-04-16 19:42    25,856    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-16 19:42    21,504    --a------    C:\WINDOWS\system32\hidserv.dll
2007-04-16 19:41    77,312    --a------    C:\WINDOWS\system32\usbui.dll
2007-04-16 19:41    60,288    --a------    C:\WINDOWS\system32\drivers\drmk.sys
2007-04-16 19:41    6,400    --a------    C:\WINDOWS\system32\drivers\enum1394.sys
2007-04-16 19:41    4,096    --a------    C:\WINDOWS\system32\ksuser.dll
2007-04-16 19:41    145,792    --a------    C:\WINDOWS\system32\drivers\portcls.sys
2007-04-16 19:41    10,624    --a------    C:\WINDOWS\system32\drivers\gameenum.sys
2007-04-16 19:40    36,528    ---------    C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-16 19:40    24,072    --a------    C:\WINDOWS\system32\uxtuneup.dll
2007-04-16 19:40    2,560    ---------    C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-16 19:40    2,432    ---------    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-16 19:40    129,784    ---------    C:\WINDOWS\system32\pxafs.dll
2007-04-16 19:40    121,856    --a------    C:\WINDOWS\system32\TWEAKUI.EXE
2007-04-16 19:40    115,880    ---------    C:\WINDOWS\system32\pxinsi64.exe
2007-04-16 19:40    <DIR>    d--------    C:\Programme\xp-AntiSpy
2007-04-16 19:40    <DIR>    d--------    C:\Programme\winamp
2007-04-16 19:40    <DIR>    d--------    C:\Programme\TuneUp Utilities 2007
2007-04-16 19:40    <DIR>    d--------    C:\Programme\RegCleaner
2007-04-16 19:40    <DIR>    d--------    C:\Programme\Lavasoft
2007-04-16 19:40    <DIR>    d--------    C:\Programme\CrackDownloader
2007-04-16 19:40    <DIR>    d--------    C:\Programme\Craagle
2007-04-16 19:40    <DIR>    d--------    C:\Programme\CCleaner
2007-04-16 19:40    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-04-16 19:40    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\TuneUp Software
2007-04-16 19:39    8,192    -ra------    C:\WINDOWS\system32\kbdhept.dll
2007-04-16 19:39    6,656    -ra------    C:\WINDOWS\system32\kbdhela3.dll
2007-04-16 19:39    6,144    -ra------    C:\WINDOWS\system32\kbdtuq.dll
2007-04-16 19:39    6,144    -ra------    C:\WINDOWS\system32\kbdtuf.dll
2007-04-16 19:39    6,144    -ra------    C:\WINDOWS\system32\kbdlv1.dll
2007-04-16 19:39    6,144    -ra------    C:\WINDOWS\system32\kbdlv.dll
2007-04-16 19:39    6,144    -ra------    C:\WINDOWS\system32\kbdhela2.dll
2007-04-16 19:39    6,144    -ra------    C:\WINDOWS\system32\kbdgkl.dll
2007-04-16 19:39    6,144    -ra------    C:\WINDOWS\system32\kbdest.dll
2007-04-16 19:39    5,632    -ra------    C:\WINDOWS\system32\kbdmon.dll
2007-04-16 19:39    5,632    -ra------    C:\WINDOWS\system32\kbdlt1.dll
2007-04-16 19:39    5,632    -ra------    C:\WINDOWS\system32\kbdlt.dll
2007-04-16 19:39    5,632    -ra------    C:\WINDOWS\system32\kbdkyr.dll
2007-04-16 19:39    5,632    -ra------    C:\WINDOWS\system32\kbdhe319.dll
2007-04-16 19:39    5,632    -ra------    C:\WINDOWS\system32\kbdhe220.dll
2007-04-16 19:39    5,632    -ra------    C:\WINDOWS\system32\kbdhe.dll
2007-04-16 19:39    5,632    -ra------    C:\WINDOWS\system32\kbdazel.dll
2007-04-16 19:39    <DIR>    dr-------    C:\Programme
2007-04-16 19:39    <DIR>    d--hs----    C:\WINDOWS\Installer
2007-04-16 19:39    <DIR>    d--------    C:\Programme\UltraISO
2007-04-16 19:39    <DIR>    d--------    C:\Programme\OO Software
2007-04-16 19:39    <DIR>    d--------    C:\Programme\IrfanView
2007-04-16 19:39    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\SpeechEngines
2007-04-16 19:39    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\ODBC
2007-04-16 19:39    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\EZB Systems
2007-04-16 19:39    <DIR>    d--------    C:\Programme\Foxit PDF Reader
2007-04-16 19:39    <DIR>    d--------    C:\Programme\DVD Shrink DE
2007-04-16 19:39    <DIR>    d--------    C:\Programme\DVD Decrypter
2007-04-16 19:39    <DIR>    d--------    C:\Programme\7-Zip
2007-04-16 19:39    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\DVD Shrink
2007-04-16 19:38    9,936    --a------    C:\WINDOWS\system\LZEXPAND.DLL
2007-04-16 19:38    9,200    --a------    C:\WINDOWS\system\VER.DLL
2007-04-16 19:38    86,556    --a------    C:\WINDOWS\system32\dgsetup.dll
2007-04-16 19:38    82,944    --a------    C:\WINDOWS\system\OLECLI.DLL
2007-04-16 19:38    8,704    --a------    C:\WINDOWS\system32\batt.dll
2007-04-16 19:38    76,288    --a------    C:\WINDOWS\system32\storprop.dll
2007-04-16 19:38    70,368    --a------    C:\WINDOWS\system\AVICAP.DLL
2007-04-16 19:38    70,144    --a------    C:\WINDOWS\NOTEPAD.EXE
2007-04-16 19:38    7,168    -ra------    C:\WINDOWS\system32\kbdcz.dll
2007-04-16 19:38    69,632    --a------    C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-16 19:38    6,656    -ra------    C:\WINDOWS\system32\kbdycl.dll
2007-04-16 19:38    6,656    -ra------    C:\WINDOWS\system32\kbdsl1.dll
2007-04-16 19:38    6,656    -ra------    C:\WINDOWS\system32\kbdsl.dll
2007-04-16 19:38    6,656    -ra------    C:\WINDOWS\system32\kbdpl.dll
2007-04-16 19:38    6,656    -ra------    C:\WINDOWS\system32\kbdhu.dll
2007-04-16 19:38    6,656    -ra------    C:\WINDOWS\system32\kbdcz2.dll
2007-04-16 19:38    6,656    -ra------    C:\WINDOWS\system32\kbdcz1.dll
2007-04-16 19:38    6,656    -ra------    C:\WINDOWS\system32\kbdcr.dll
2007-04-16 19:38    6,656    -ra------    C:\WINDOWS\system32\KBDAL.DLL
2007-04-16 19:38    5,632    -ra------    C:\WINDOWS\system32\kbdro.dll
2007-04-16 19:38    5,632    -ra------    C:\WINDOWS\system32\kbdpl1.dll
2007-04-16 19:38    5,632    -ra------    C:\WINDOWS\system32\kbdhu1.dll
2007-04-16 19:38    5,120    --a------    C:\WINDOWS\system\SHELL.DLL
2007-04-16 19:38    33,744    --a------    C:\WINDOWS\system\COMMDLG.DLL
2007-04-16 19:38    24,816    --a------    C:\WINDOWS\system32\mdimon.dll
2007-04-16 19:38    24,661    --a------    C:\WINDOWS\system32\spxcoins.dll
2007-04-16 19:38    24,064    --a------    C:\WINDOWS\system\OLESVR.DLL
2007-04-16 19:38    19,200    --a------    C:\WINDOWS\system\TAPI.DLL
2007-04-16 19:38    176,157    --a------    C:\WINDOWS\system32\dgrpsetu.dll
2007-04-16 19:38    15,872    --a------    C:\WINDOWS\TASKMAN.EXE
2007-04-16 19:38    13,824    --a------    C:\WINDOWS\system32\irclass.dll
2007-04-16 19:38    127,104    --a------    C:\WINDOWS\system\MSVIDEO.DLL
2007-04-16 19:38    11,264    --a------    C:\WINDOWS\system32\drivers\irenum.sys
2007-04-16 19:38    109,504    --a------    C:\WINDOWS\system\AVIFILE.DLL
2007-04-16 19:38    103,936    --a------    C:\WINDOWS\system32\EqnClass.Dll
2007-04-16 19:38    <DIR>    dr-h-----    C:\DOKUME~1\DEFAUL~1\Lokale Einstellungen
2007-04-16 19:38    <DIR>    dr-h-----    C:\DOKUME~1\DEFAUL~1\Anwendungsdaten
2007-04-16 19:38    <DIR>    dr-h-----    C:\DOKUME~1\ALLUSE~1\Anwendungsdaten
2007-04-16 19:38    <DIR>    dr-------    C:\DOKUME~1\DEFAUL~1\Startmen
2007-04-16 19:38    <DIR>    dr-------    C:\DOKUME~1\ALLUSE~1\Startmen
2007-04-16 19:38    <DIR>    dr-------    C:\DOKUME~1\ALLUSE~1\Dokumente
2007-04-16 19:38    <DIR>    d--h-----    C:\DOKUME~1\DEFAUL~1\Vorlagen
2007-04-16 19:38    <DIR>    d--h-----    C:\DOKUME~1\DEFAUL~1\Netzwerkumgebung
2007-04-16 19:38    <DIR>    d--h-----    C:\DOKUME~1\DEFAUL~1\Druckumgebung
2007-04-16 19:38    <DIR>    d--h-----    C:\DOKUME~1\ALLUSE~1\Vorlagen
2007-04-16 19:38    <DIR>    d--------    C:\WINDOWS\system32\CatRoot2
2007-04-16 19:38    <DIR>    d--------    C:\WINDOWS\system32\CatRoot
2007-04-16 19:38    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2007-04-16 19:38    <DIR>    d--------    C:\Programme\Microsoft.NET
2007-04-16 19:38    <DIR>    d--------    C:\Programme\Microsoft Works
2007-04-16 19:38    <DIR>    d--------    C:\DOKUME~1\DEFAUL~1\Favoriten
2007-04-16 19:38    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\Favoriten
2007-04-16 19:37    98,304    --a------    C:\WINDOWS\system32\a3d.dll
2007-04-16 19:37    577,536    --a------    C:\WINDOWS\SOUNDMAN.EXE
2007-04-16 19:37    57,344    --a------    C:\WINDOWS\system32\Qa3d.dll
2007-04-16 19:37    40,960    --a------    C:\WINDOWS\system32\Qa3dload.dll
2007-04-16 19:37    4,011,264    --a------    C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-04-16 19:37    36,864    --a------    C:\WINDOWS\system32\Ftdll32.dll
2007-04-16 19:37    320,164    --a------    C:\WINDOWS\system32\drivers\fm801.sys
2007-04-16 19:37    10,528,256    --a------    C:\WINDOWS\system32\RTLCPL.EXE
2007-04-16 19:37    10,240    --a------    C:\WINDOWS\system32\drivers\nvmpu401.sys
2007-04-16 19:37    10,107    --a------    C:\WINDOWS\system32\drivers\fmjoy.sys
2007-04-16 19:36    32,256    --a------    C:\WINDOWS\system32\drivers\nvcoam.dll
2007-04-16 19:36    294,400    --a------    C:\WINDOWS\system32\idecoi.dll
2007-04-16 19:36    248,832    --a------    C:\WINDOWS\system32\drivers\yk51x86.sys
2007-04-16 19:36    217,088    --a------    C:\WINDOWS\Alcrmv.exe
2007-04-16 19:36    16,640    --a------    C:\WINDOWS\system32\drivers\nvcchflt.sys
2007-04-16 19:36    143,360    --a------    C:\WINDOWS\system32\RTLCPAPI.dll
2007-04-16 19:36    102,528    --a------    C:\WINDOWS\system32\drivers\SI3112r.sys
2007-04-16 19:36    10,368    --a------    C:\WINDOWS\system32\drivers\SiWinAcc.sys
2007-04-16 19:35    4,527,488    --a------    C:\WINDOWS\system32\nv4_disp.dll
2007-04-16 19:35    3,994,624    --a------    C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-16 19:34    <DIR>    d--hs----    C:\System Volume Information
2007-04-16 19:34    <DIR>    d--------    C:\Dokumente und Einstellungen
2007-04-16 19:23    262,144    --a------    C:\DOKUME~1\ALLUSE~1\ntuser.dat
2007-04-16 19:23    <DIR>    d--------    C:\WINDOWS\network diagnostic
2007-04-16 19:21    <DIR>    d--------    C:\Programme\MSBuild
2007-04-16 19:18    <DIR>    d--------    C:\WINDOWS\system32\XPSViewer
2007-04-16 19:18    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\SecTaskMan
2007-04-16 19:18    <DIR>    d--------    C:\DOKUME~1\ADMINI~1\ANWEND~1\Help
2007-04-16 19:17    14,048    ---------    C:\WINDOWS\system32\spmsg2.dll
2007-04-16 19:17    <DIR>    d--------    C:\Programme\Reference Assemblies
2007-04-16 19:16    <DIR>    d--------    C:\WINDOWS\system32\LogFiles
2007-04-16 19:16    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF
2007-04-16 19:16    <DIR>    d--------    C:\Programme\Windows Media Connect 2
2007-04-16 19:15    <DIR>    d--------    C:\WINDOWS\system32\de-de
2007-04-16 19:11    23,856    --a------    C:\WINDOWS\system32\spupdsvc.exe
2007-04-16 19:11    <DIR>    d--------    C:\WINDOWS\RegisteredPackages
2007-04-16 19:08    <DIR>    d--h-----    C:\WINDOWS\$hf_mig$
2007-04-16 19:07    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
2007-04-16 19:04    <DIR>    d--h-----    C:\WINDOWS\system32\GroupPolicy
2007-04-16 19:03    <DIR>    d--------    C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
2007-04-16 19:01    18,200    --a------    C:\WINDOWS\system32\wups2.dll
2007-04-16 19:01    <DIR>    d--hs----    C:\DOKUME~1\ADMINI~1\UserData
2007-04-16 19:01    <DIR>    d--------    C:\WINDOWS\system32\SoftwareDistribution
2007-04-16 18:59    <DIR>    d--hs----    C:\RECYCLER
2007-04-16 18:52    3,145,728    --ah-----    C:\DOKUME~1\ADMINI~1\NTUSER.DAT
2007-04-16 18:52    208,896    --a------    C:\WINDOWS\system32\NVUNINST.EXE
2007-04-16 18:52    <DIR>    dr-h-----    C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2007-04-16 18:52    <DIR>    dr-------    C:\DOKUME~1\ADMINI~1\Startmen
2007-04-16 18:52    <DIR>    dr-------    C:\DOKUME~1\ADMINI~1\Favoriten
2007-04-16 18:52    <DIR>    dr-------    C:\DOKUME~1\ADMINI~1\Eigene Dateien
2007-04-16 18:52    <DIR>    d--h-----    C:\Programme\InstallShield Installation Information
2007-04-16 18:52    <DIR>    d--h-----    C:\DOKUME~1\ADMINI~1\Vorlagen
2007-04-16 18:52    <DIR>    d--h-----    C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2007-04-16 18:52    <DIR>    d--h-----    C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2007-04-16 18:52    <DIR>    d--h-----    C:\DOKUME~1\ADMINI~1\Druckumgebung
2007-04-16 18:52    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\InstallShield
2007-04-16 18:51    786,432    --ah-----    C:\DOKUME~1\NETWOR~1\NTUSER.DAT
2007-04-16 18:51    786,432    --ah-----    C:\DOKUME~1\LOCALS~1\NTUSER.DAT
2007-04-16 18:51    <DIR>    d--h-----    C:\DOKUME~1\NETWOR~1\Lokale Einstellungen
2007-04-16 18:51    <DIR>    d--h-----    C:\DOKUME~1\LOCALS~1\Lokale Einstellungen
2007-04-16 18:51    <DIR>    d--------    C:\WINDOWS\SoftwareDistribution
2007-04-16 18:51    <DIR>    d--------    C:\WINDOWS\Prefetch
2007-04-16 18:51    <DIR>    d--------    C:\DOKUME~1\NETWOR~1\Anwendungsdaten
2007-04-16 18:51    <DIR>    d--------    C:\DOKUME~1\LOCALS~1\Anwendungsdaten
2007-04-16 18:48    245,760    ---h-----    C:\DOKUME~1\DEFAUL~1\NTUSER.DAT
2007-04-16 18:48    112,128    --a------    C:\WINDOWS\system32\mapi32.dll
2007-04-16 18:48    0    -rahs----    C:\MSDOS.SYS
2007-04-16 18:48    0    -rahs----    C:\IO.SYS
2007-04-16 18:48    0    --a------    C:\CONFIG.SYS
2007-04-16 18:48    0    --a------    C:\AUTOEXEC.BAT
2007-04-16 18:48    <DIR>    d--------    C:\WINDOWS\system32\xircom
2007-04-16 18:48    <DIR>    d--------    C:\Programme\microsoft frontpage
2007-04-16 18:47    <DIR>    dr-------    C:\WINDOWS\Offline Web Pages
2007-04-16 18:47    <DIR>    d--hs----    C:\DOKUME~1\ALLUSE~1\DRM
2007-04-16 18:47    <DIR>    d--h-----    C:\Programme\WindowsUpdate
2007-04-16 18:47    <DIR>    d---s----    C:\WINDOWS\Downloaded Program Files
2007-04-16 18:47    <DIR>    d--------    C:\Programme\Online-Dienste
2007-04-16 18:46    86,016    --a------    C:\WINDOWS\system32\isign32.dll
2007-04-16 18:46    81,920    --a------    C:\WINDOWS\system32\ils.dll
2007-04-16 18:46    8,192    --a------    C:\WINDOWS\system32\bitsprx2.dll
2007-04-16 18:46    73,728    --a------    C:\WINDOWS\system32\icwdial.dll
2007-04-16 18:46    73,472    --a------    C:\WINDOWS\system32\drivers\sr.sys
2007-04-16 18:46    70,144    --a------    C:\WINDOWS\system32\acctres.dll
2007-04-16 18:46    7,168    --a------    C:\WINDOWS\system32\bitsprx3.dll
2007-04-16 18:46    69,632    --a------    C:\WINDOWS\system32\msconf.dll
2007-04-16 18:46    679,424    --a------    C:\WINDOWS\system32\inetcomm.dll
2007-04-16 18:46    67,584    --a------    C:\WINDOWS\system32\srclient.dll
2007-04-16 18:46    65,536    --a------    C:\WINDOWS\system32\icwphbk.dll
2007-04-16 18:46    6,656    --a------    C:\WINDOWS\system32\wuauserv.dll
2007-04-16 18:46    51,712    --a------    C:\WINDOWS\system32\inetres.dll
2007-04-16 18:46    466,200    --a------    C:\WINDOWS\system32\wuapi.dll
2007-04-16 18:46    45,568    --a------    C:\WINDOWS\system32\safrslv.dll
2007-04-16 18:46    44,032    --a------    C:\WINDOWS\system32\racpldlg.dll
2007-04-16 18:46    43,520    --a------    C:\WINDOWS\system32\safrcdlg.dll
2007-04-16 18:46    41,240    --a------    C:\WINDOWS\system32\wups.dll
2007-04-16 18:46    382,464    --a------    C:\WINDOWS\system32\qmgr.dll
2007-04-16 18:46    34,560    --a------    C:\WINDOWS\system32\mnmdd.dll
2007-04-16 18:46    32,768    --a------    C:\WINDOWS\system32\mnmsrvc.exe
2007-04-16 18:46    32,768    --a------    C:\WINDOWS\system32\isrdbg32.dll
2007-04-16 18:46    29,696    --a------    C:\WINDOWS\system32\safrdm.dll
2007-04-16 18:46    282,624    --a------    C:\WINDOWS\system32\inetcfg.dll
2007-04-16 18:46    280,064    --a------    C:\WINDOWS\system32\mstask.dll
2007-04-16 18:46    28,672    --a------    C:\WINDOWS\system32\nmmkcert.dll
2007-04-16 18:46    252,928    --a------    C:\WINDOWS\system32\msoeacct.dll
2007-04-16 18:46    242,176    --a------    C:\WINDOWS\system32\srrstr.dll
2007-04-16 18:46    23,040    --a------    C:\WINDOWS\system32\fltmc.exe
2007-04-16 18:46    194,840    --a------    C:\WINDOWS\system32\wuaueng1.dll
2007-04-16 18:46    192,000    --a------    C:\WINDOWS\system32\schedsvc.dll
2007-04-16 18:46    18,944    --a------    C:\WINDOWS\system32\qmgrprxy.dll
2007-04-16 18:46    174,872    --a------    C:\WINDOWS\system32\wuauclt1.exe
2007-04-16 18:46    173,536    --a------    C:\WINDOWS\system32\wuweb.dll
2007-04-16 18:46    171,008    --a------    C:\WINDOWS\system32\srsvc.dll
2007-04-16 18:46    16,896    --a------    C:\WINDOWS\system32\fltlib.dll
2007-04-16 18:46    16,384    --a------    C:\WINDOWS\system32\icfgnt5.dll
2007-04-16 18:46    128,896    --a------    C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-16 18:46    128,280    --a------    C:\WINDOWS\system32\wucltui.dll
2007-04-16 18:46    124,696    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-04-16 18:46    12,288    --a------    C:\WINDOWS\system32\nmevtmsg.dll
2007-04-16 18:46    12,288    --a------    C:\WINDOWS\system32\mstinit.exe
2007-04-16 18:46    11,264    --a------    C:\WINDOWS\system32\atrace.dll
2007-04-16 18:46    105,984    --a------    C:\WINDOWS\system32\msoert2.dll
2007-04-16 18:46    1,343,768    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-04-16 18:46    <DIR>    d---s----    C:\WINDOWS\Tasks
2007-04-16 18:46    <DIR>    d--------    C:\WINDOWS\system32\Restore
2007-04-16 18:46    <DIR>    d--------    C:\WINDOWS\system32\DirectX
2007-04-16 18:46    <DIR>    d--------    C:\WINDOWS\srchasst
2007-04-16 18:46    <DIR>    d--------    C:\Programme\Movie Maker
2007-04-16 18:46    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\MSSoap
2007-04-16 18:46    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\Dienste
2007-04-16 18:45    97,792    --a------    C:\WINDOWS\system32\comrepl.dll
2007-04-16 18:45    80,896    --a------    C:\WINDOWS\system32\charmap.exe
2007-04-16 18:45    73,216    --a------    C:\WINDOWS\system32\avwav.dll
2007-04-16 18:45    683,520    --a------    C:\WINDOWS\system32\getuname.dll
2007-04-16 18:45    57,344    --a------    C:\WINDOWS\system32\sol.exe
2007-04-16 18:45    55,808    --a------    C:\WINDOWS\system32\freecell.exe
2007-04-16 18:45    54,272    --a------    C:\WINDOWS\system32\stclient.dll
2007-04-16 18:45    5,632    --a------    C:\WINDOWS\system32\write.exe
2007-04-16 18:45    5,120    --a------    C:\WINDOWS\system32\dcomcnfg.exe
2007-04-16 18:45    44,544    --a------    C:\WINDOWS\system32\hticons.dll
2007-04-16 18:45    4,608    --a------    C:\WINDOWS\system32\rdpcfgex.dll
2007-04-16 18:45    4,096    --a------    C:\WINDOWS\system32\mtxex.dll
2007-04-16 18:45    35,840    --a------    C:\WINDOWS\system32\winchat.exe
2007-04-16 18:45    33,792    --a------    C:\WINDOWS\system32\regini.exe
2007-04-16 18:45    25,600    --a------    C:\WINDOWS\system32\comaddin.dll
2007-04-16 18:45    25,088    --a------    C:\WINDOWS\system32\mtxlegih.dll
2007-04-16 18:45    232,960    --a------    C:\WINDOWS\system32\avtapi.dll
2007-04-16 18:45    22,528    --a------    C:\WINDOWS\system32\qwinsta.exe
2007-04-16 18:45    22,528    --a------    C:\WINDOWS\system32\msg.exe
2007-04-16 18:45    21,740    --a------    C:\WINDOWS\system32\emptyregdb.dat
2007-04-16 18:45    20,480    --a------    C:\WINDOWS\system32\mtxdm.dll
2007-04-16 18:45    17,920    --a------    C:\WINDOWS\system32\tsshutdn.exe
2007-04-16 18:45    17,408    --a------    C:\WINDOWS\system32\qappsrv.exe
2007-04-16 18:45    16,384    --a------    C:\WINDOWS\system32\tskill.exe
2007-04-16 18:45    16,384    --a------    C:\WINDOWS\system32\rwinsta.exe
2007-04-16 18:45    16,384    --a------    C:\WINDOWS\system32\avmeter.dll
2007-04-16 18:45    15,872    --a------    C:\WINDOWS\system32\logoff.exe
2007-04-16 18:45    15,872    --a------    C:\WINDOWS\system32\cdmodem.dll
2007-04-16 18:45    15,360    --a------    C:\WINDOWS\system32\tsdiscon.exe
2007-04-16 18:45    15,360    --a------    C:\WINDOWS\system32\tscon.exe
2007-04-16 18:45    15,360    --a------    C:\WINDOWS\system32\shadow.exe
2007-04-16 18:45    147,456    --a------    C:\WINDOWS\system32\comsnap.dll
2007-04-16 18:45    139,776    --a------    C:\WINDOWS\system32\sndvol32.exe
2007-04-16 18:45    128,000    --a------    C:\WINDOWS\system32\mshearts.exe
2007-04-16 18:45    120,320    --a------    C:\WINDOWS\system32\winmine.exe
2007-04-16 18:45    114,688    --a------    C:\WINDOWS\system32\calc.exe
2007-04-16 18:45    10,240    --a------    C:\WINDOWS\system32\reset.exe
2007-04-16 18:45    1,237    --a------    C:\WINDOWS\system32\usrlogon.cmd
2007-04-16 18:45    <DIR>    d--------    C:\WINDOWS\Registration
2007-04-16 18:45    <DIR>    d--------    C:\Programme\Online Services
2007-04-16 18:45    <DIR>    d--------    C:\Programme\MSN Gaming Zone
2007-04-16 18:45    <DIR>    d--------    C:\Programme\Messenger
2007-04-16 18:44    956,416    --a------    C:\WINDOWS\system32\msdtctm.dll
2007-04-16 18:44    94,720    --a------    C:\WINDOWS\system32\tscfgwmi.dll
2007-04-16 18:44    91,136    --a------    C:\WINDOWS\system32\mtxoci.dll
2007-04-16 18:44    87,176    --a------    C:\WINDOWS\system32\rdpwsx.dll
2007-04-16 18:44    85,504    --a------    C:\WINDOWS\system32\catsrvps.dll
2007-04-16 18:44    67,072    --a------    C:\WINDOWS\system32\rdshost.exe
2007-04-16 18:44    625,152    --a------    C:\WINDOWS\system32\catsrvut.dll
2007-04-16 18:44    62,464    --a------    C:\WINDOWS\system32\rdpclip.exe
2007-04-16 18:44    61,440    --a------    C:\WINDOWS\system32\remotepg.dll
2007-04-16 18:44    600,576    --a------    C:\WINDOWS\system32\mstsc.exe
2007-04-16 18:44    60,416    --a------    C:\WINDOWS\system32\colbact.dll
2007-04-16 18:44    6,144    --a------    C:\WINDOWS\system32\msdtc.exe
2007-04-16 18:44    58,880    --a------    C:\WINDOWS\system32\msdtclog.dll
2007-04-16 18:44    58,880    --a------    C:\WINDOWS\system32\licwmi.dll
2007-04-16 18:44    56,320    --a------    C:\WINDOWS\system32\servdeps.dll
2007-04-16 18:44    540,160    --a------    C:\WINDOWS\system32\comuid.dll
2007-04-16 18:44    539,136    --a------    C:\WINDOWS\system32\spider.exe
2007-04-16 18:44    498,688    --a------    C:\WINDOWS\system32\clbcatq.dll
2007-04-16 18:44    44,544    --a------    C:\WINDOWS\system32\tscupgrd.exe
2007-04-16 18:44    426,496    --a------    C:\WINDOWS\system32\msdtcprx.dll
2007-04-16 18:44    40,840    --a------    C:\WINDOWS\system32\drivers\termdd.sys
2007-04-16 18:44    39,424    --a------    C:\WINDOWS\system32\cfgbkend.dll
2007-04-16 18:44    356,352    --a------    C:\WINDOWS\system32\hypertrm.dll
2007-04-16 18:44    346,624    --a------    C:\WINDOWS\system32\mspaint.exe
2007-04-16 18:44    297,472    --a------    C:\WINDOWS\system32\termsrv.dll
2007-04-16 18:44    225,792    --a------    C:\WINDOWS\system32\catsrv.dll
2007-04-16 18:44    21,896    --a------    C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-16 18:44    20,480    --a------    C:\WINDOWS\system32\qprocess.exe
2007-04-16 18:44    196,864    --a------    C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-16 18:44    19,968    --a------    C:\WINDOWS\system32\rdpsnd.dll
2007-04-16 18:44    189,440    --a------    C:\WINDOWS\system32\cmprops.dll
2007-04-16 18:44    188,416    --a------    C:\WINDOWS\system32\accwiz.exe
2007-04-16 18:44    17,920    --a------    C:\WINDOWS\system32\mmfutil.dll
2007-04-16 18:44    161,280    --a------    C:\WINDOWS\system32\msdtcuiu.dll
2007-04-16 18:44    147,968    --a------    C:\WINDOWS\system32\rdchost.dll
2007-04-16 18:44    142,848    --a------    C:\WINDOWS\system32\sessmgr.exe
2007-04-16 18:44    139,528    --a------    C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-16 18:44    133,120    --a------    C:\WINDOWS\system32\sndrec32.exe
2007-04-16 18:44    13,824    --a------    C:\WINDOWS\system32\rdsaddin.exe
2007-04-16 18:44    124,928    --a------    C:\WINDOWS\system32\mplay32.exe
2007-04-16 18:44    12,040    --a------    C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-16 18:44    110,080    --a------    C:\WINDOWS\system32\clbcatex.dll
2007-04-16 18:44    11,776    --a------    C:\WINDOWS\system32\xolehlp.dll
2007-04-16 18:44    11,264    --a------    C:\WINDOWS\system32\icaapi.dll
2007-04-16 18:44    104,448    --a------    C:\WINDOWS\system32\clipbrd.exe
2007-04-16 18:44    1,866,240    --a------    C:\WINDOWS\system32\mstscax.dll
2007-04-16 18:44    1,267,200    --a------    C:\WINDOWS\system32\comsvcs.dll
2007-04-16 18:44    <DIR>    d--------    C:\WINDOWS\system32\MsDtc
2007-04-16 18:44    <DIR>    d--------    C:\WINDOWS\system32\Com
2007-04-16 18:44    <DIR>    d--------    C:\Programme\Windows NT


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-19 09:32    78360    --a------    C:\WINDOWS\system32\perfc007.dat
2007-04-19 09:32    442770    --a------    C:\WINDOWS\system32\perfh007.dat
2007-04-17 13:21    --------    d--------    C:\Programme\ætorrent
2007-04-16 19:38    62    --ahs----    C:\DOKUME~1\ADMINI~1\ANWEND~1\desktop.ini
2007-03-17 15:45    293376    --a------    C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:48    579584    --a------    C:\WINDOWS\system32\user32.dll
2007-03-08 17:48    40960    --a------    C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:48    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:45    1844096    --a------    C:\WINDOWS\system32\win32k.sys
2007-02-16 18:50    14368    --a------    C:\WINDOWS\system32\relog_ap.dll
2007-02-14 19:14    17440    --a------    C:\WINDOWS\system32\acrotls.dll
2007-02-14 19:05    499712    --a------    C:\WINDOWS\system32\msvcp71.dll
2007-02-14 19:05    348160    --a------    C:\WINDOWS\system32\msvcr71.dll
2007-02-14 19:01    206368    --a------    C:\WINDOWS\system32\snapapi.dll
2007-02-05 22:18    185856    --a------    C:\WINDOWS\system32\upnphost.dll
2007-01-22 17:23    6912    --a------    C:\WINDOWS\nvoclock.sys
2007-01-22 17:23    385024    --a------    C:\WINDOWS\ntuneoem.dll
2007-01-22 17:22    28672    --a------    C:\WINDOWS\autotunescript.dll
2007-01-22 17:22    1622016    --a------    C:\WINDOWS\nvbenchmarks.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"avgnt"=""C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe" /min"
"UnlockerAssistant"=""C:\\Programme\\Unlocker\\UnlockerAssistant.exe""
"FileZilla Server Interface"=""C:\\Programme\\FileZilla Server\\FileZilla Server Interface.exe""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"ICQ Lite"=""C:\\Programme\\ICQLite\\ICQLite.exe" -minimize"
"TrueImageMonitor.exe"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Programme\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"=""C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe""
"Logitech Utility"="Logi_MwX.Exe"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"512id"="C:\\Programme\\512i digital\\512id.exe /minimize"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"RouterControl"="C:\\PROGRA~1\\ROUTER~1\\ROUTERCONTROL.EXE"
"NVIDIA nTune"=""C:\\Programme\\NVIDIA Corporation\\nTune\\nTuneCmd.exe" clear"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Snarfer"="C:\\Programme\\Snarfware\\Snarfer\\snarfer.exe /startminimized"
"MSMSGS"=""C:\\Programme\\Messenger\\msmsgs.exe" /background"
"DAEMON Tools"=""C:\\Programme\\DAEMON Tools\\daemon.exe" -lang 1033"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,72,75,6e,64,6c,6c,33,32,20,\
  61,64,76,70,61,63,6b,2e,64,6c,6c,2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,\
  69,6f,6e,20,6e,4c,69,74,65,2e,69,6e,66,2c,43,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}"=""

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages    REG_MULTI_SZ       msv1_0\0relog_ap\0\0
   Security Packages    REG_MULTI_SZ       kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages    REG_MULTI_SZ       scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter    REG_MULTI_SZ       HTTPFilter\0\0
LocalService    REG_MULTI_SZ       Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService    REG_MULTI_SZ       DnsCache\0\0
DcomLaunch    REG_MULTI_SZ       DcomLaunch\0TermService\0\0
rpcss    REG_MULTI_SZ       RpcSs\0\0
imgsvc    REG_MULTI_SZ       StiSvc\0\0
termsvcs    REG_MULTI_SZ       TermService\0\0
WudfServiceGroup    REG_MULTI_SZ       WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-20  1:39:27
C:\ComboFix-quarantined-files.txt ... 07-04-20 01:39
C:\ComboFix2.txt ... 07-04-20 01:37
C:\ComboFix3.txt ... 07-04-20 01:34

Code

Auflistung der Ordnerpfade fr Volume Main
Volumenummer: B82F-F1CE
C:\QOOBOX
\---Quarantine
    \---Registry_backups

Im Anschluß habe ich noch ein kleines +.vbs Script gefunden welches sich Silent Runners.vbs nennt.
Das habe ich dann auch nochmal ausgeführt. Allerdings mit dem Parameter -all
damit es auch ausführlich ist. Das Ergebnis hänge ich dann aber hier an, damit der Post hier keine Scrollorgie wird.

Falls noch irgendwelche Logs ansonsten nötig sein sollten, gebt mir Bescheid dann reiche ich die morgen früh nach.

Anhang: Startup Programs (DESKTOP) 2007-04-20 01.46.44.txt

Dieser Beitrag wurde am 20.04.2007 um 01:50 Uhr von DocEvil editiert.

20.04.2007, 07:53

Chris4You

Member

Beiträge: 694

#14 Hi,

Vundo was here:
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.bak1
(Die solltest Du auf jeden Fall noch löschen).
Passende DLL's (ljhfg.dll, jkhhf.dll, urqrolj.dll, ddccy.dll, ...) sind nicht zu finden.

Die neue Avira-Version unterstützt jetzt auch Rootkit-Scanning, update?

Sind die Probleme jetzt beseitigt?

Was mir noch auffällt (zeitlich wie von der Größe her), ist
C:\WINDOWS\RCoUn.EXE (die sollte eigentlich 322.560 Bytes groß sein, aber wer weiss das schon bei den ganzen Fixpacks -> lasse die noch mal über virustotal scannen)...

Welche Einträge hast Du mit der unbennanten Hijack-Exe noch erwischen können...?

Die beiden Hijacklogs sind bis auf Kleinigkeiten identisch u. OK, den Rest versuche ich heute noch durchzuschauen...

Gruß,
Chris

Dieser Beitrag wurde am 20.04.2007 um 08:12 Uhr von Chris4You editiert.

20.04.2007, 14:08

DocEvil

Member

Themenstarter

Beiträge: 16

#15 mit der Unbenannten Hijackthis gab es noch diese Vundo Dinger zu sehen.

Hier nochmal das Log von Virustotal:

Complete scanning result of "RCoUn.EXE", received in VirusTotal at 04.20.2007, 11:18:47 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.19.1 04.20.2007 no virus found
AntiVir 7.3.1.53 04.20.2007 no virus found
Authentium 4.93.8 04.20.2007 no virus found
Avast 4.7.981.0 04.19.2007 no virus found
AVG 7.5.0.464 04.19.2007 no virus found
BitDefender 7.2 04.20.2007 no virus found
CAT-QuickHeal 9.00 04.19.2007 no virus found
ClamAV devel-20070416 04.20.2007 no virus found
DrWeb 4.33 04.20.2007 no virus found
eSafe 7.0.15.0 04.19.2007 no virus found
eTrust-Vet 30.7.3581 04.20.2007 no virus found
Ewido 4.0 04.19.2007 no virus found
FileAdvisor 1 04.20.2007 no virus found
Fortinet 2.85.0.0 04.20.2007 no virus found
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.20.2007 no virus found
Ikarus T3.1.1.5 04.20.2007 no virus found
Kaspersky 4.0.2.24 04.20.2007 no virus found
McAfee 5013 04.19.2007 no virus found
Microsoft 1.2405 04.20.2007 no virus found
NOD32v2 2207 04.20.2007 no virus found
Norman 5.80.02 04.19.2007 no virus found
Panda 9.0.0.4 04.19.2007 no virus found
Prevx1 V2 04.20.2007 no virus found
Sophos 4.16.0 04.20.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 04.20.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.19.2007 no virus found
VirusBuster 4.3.7:9 04.19.2007 no virus found
Webwasher-Gateway 6.0.1 04.20.2007 no virus found

über Avenger habe ich die anderen beiden übrigen Dateien dann nun gelöscht :

Code

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qanpvsja

*******************

Script file located at: \??\C:\kat^xkrm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\fhhkj.ini2 deleted successfully.
File C:\WINDOWS\system32\fhhkj.bak1 deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Code

ComboScan v20070306.20 run by Administrator on 2007-04-20 at 13:58:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:58, on 20.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FileZilla Server\FileZilla Server.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\512i digital\512id.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Snarfware\Snarfer\snarfer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\BWMeter\BWMeter.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\µTorrent\utorrent.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\comboscan.exe
C:\DOKUME~1\ADMINI~1\Desktop\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programme\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [512id] C:\Programme\512i digital\512id.exe /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Snarfer] C:\Programme\Snarfware\Snarfer\snarfer.exe /startminimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: BWMeter.lnk = C:\Programme\BWMeter\BWMeter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176742898203
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


-- Files created between 2007-03-20 and 2007-04-20 -----------------------------



-- Find3M Report ---------------------------------------------------------------

2007-04-20 13:58:58         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\uTorrent
2007-04-20 13:32:06         0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2007-04-20 10:37:49         0 d-------- C:\Programme\Mozilla Sunbird<MOZILL~3>
2007-04-20 02:47:18         0 d-------- C:\Programme\Mozilla Thunderbird<MOZILL~2>
2007-04-20 01:56:01         0 d-------- C:\Programme\JAM Software<JAMSOF~1>
2007-04-20 00:50:10         0 d-------- C:\Programme\Seagate
2007-04-20 00:21:27         0 d-------- C:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1>
2007-04-19 09:32:30    442770 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-19 09:32:30     78360 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-18 13:25:10         0 d-------- C:\Programme\Gemeinsame Dateien\System
2007-04-18 13:12:10         0 d-------- C:\Programme\Alcohol Soft<ALCOHO~1>
2007-04-18 12:03:42         0 d-------- C:\Programme\YASU_1.1_7035<YASU_1~1.1_7>
2007-04-18 11:55:22         0 d-------- C:\Programme\DAEMON Tools<DAEMON~1>
2007-04-18 11:50:30         0 d-------- C:\Programme\arniWORX
2007-04-18 11:48:58         0 d-------- C:\Programme\7-Zip
2007-04-18 02:56:53         0 d-------- C:\Programme\G-Scriptv4.6<G-SCRI~1.6>
2007-04-17 23:35:32    155648 --a------ C:\WINDOWS\system32\libssl32.dll
2007-04-17 13:31:08         0 d-------- C:\Programme\ProcessExplorer<PROCES~1>
2007-04-17 13:27:17         0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-04-17 13:27:05         0 d-------- C:\Programme\NVIDIA Corporation<NVIDIA~1>
2007-04-17 13:21:06         0 d-------- C:\Programme\µTorrent<TORREN~1>
2007-04-17 12:58:08         0 d-------- C:\Programme\QuickTime Alternative<QUICKT~1>
2007-04-17 12:56:43         0 d-------- C:\Programme\K-Lite Codec Pack<K-LITE~1>
2007-04-17 12:56:37         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real
2007-04-17 12:10:27         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ahead
2007-04-17 12:08:27         0 d---s---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft<MICROS~1>
2007-04-17 03:05:10         0 d-------- C:\Programme\RouterControl<ROUTER~1>
2007-04-17 00:12:01         0 d-------- C:\Programme\winamp
2007-04-16 23:59:05         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DeskSoft
2007-04-16 23:58:51         0 d-------- C:\Programme\BWMeter
2007-04-16 22:45:27         0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-04-16 22:38:06         0 d-------- C:\Programme\FileZilla Server<FILEZI~2>
2007-04-16 22:35:31         0 d-------- C:\Programme\512i digital<512IDI~1>
2007-04-16 22:31:45         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Logitech
2007-04-16 22:31:36         0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2007-04-16 22:30:48         0 d-------- C:\Programme\Gemeinsame Dateien\Logitech
2007-04-16 22:30:41         0 d-------- C:\Programme\Logitech
2007-04-16 22:27:42         0 d-------- C:\Programme\Winwall
2007-04-16 22:27:42         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Winwall
2007-04-16 22:26:40         0 d-------- C:\Programme\Symantec
2007-04-16 22:25:56         0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield<INSTAL~1>
2007-04-16 22:24:20         0 d-------- C:\Programme\Gemeinsame Dateien\Acronis
2007-04-16 22:23:20         0 d-------- C:\Programme\Acronis
2007-04-16 22:20:07         0 d-------- C:\Programme\MozBackup<MOZBAC~1>
2007-04-16 22:18:32         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
2007-04-16 22:16:54         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Talkback
2007-04-16 22:16:44         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird<THUNDE~1>
2007-04-16 22:05:42         0 --a------ C:\WINDOWS\nsreg.dat
2007-04-16 21:24:41         0 d-------- C:\Programme\Ahead
2007-04-16 21:21:16         0 d-------- C:\Programme\ICQLite
2007-04-16 21:19:44         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQLite
2007-04-16 21:18:02         0 d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-04-16 21:13:15         0 d-------- C:\Programme\Nero
2007-04-16 21:06:03         0 d-------- C:\Programme\FileZilla<FILEZI~1>
2007-04-16 21:04:20         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia<MACROM~1>
2007-04-16 21:02:44         0 d-------- C:\Programme\rulesPlayer<RULESP~1>
2007-04-16 21:01:42         0 d-------- C:\Programme\D-Fend
2007-04-16 21:01:21         0 d-------- C:\Programme\DOSBox-0.70
2007-04-16 21:01:09         0 d-------- C:\Programme\ScummVM
2007-04-16 20:59:49         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Snarfware<SNARFW~1>
2007-04-16 20:59:47         0 d-------- C:\Programme\Snarfware<SNARFW~1>
2007-04-16 20:59:29         0 d-------- C:\Programme\RapidCRC
2007-04-16 20:58:02         0 d-------- C:\Programme\Paint.NET
2007-04-16 20:56:38         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Google
2007-04-16 20:56:06         0 d-------- C:\Programme\Google
2007-04-16 20:55:02         0 d-------- C:\Programme\Foxit Software<FOXITS~1>
2007-04-16 20:54:32         0 d-------- C:\Programme\DAMN NFO Viewer<DAMNNF~1>
2007-04-16 20:52:48      3442 --a------ C:\WINDOWS\mozver.dat
2007-04-16 20:31:06         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lavasoft
2007-04-16 20:00:17         0 d-------- C:\Programme\Craagle
2007-04-16 19:46:06         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SmartFTP
2007-04-16 19:40:58         0 d-------- C:\Programme\[url="http://www.ccleaner.de"]CCleaner[/url]
2007-04-16 19:40:57         0 d-------- C:\Programme\CrackDownloader<CRACKD~1>
2007-04-16 19:40:37         0 d-------- C:\Programme\TuneUp Utilities 2007<TUNEUP~1>
2007-04-16 19:40:33         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software<TUNEUP~1>
2007-04-16 19:40:19         0 d-------- C:\Programme\xp-AntiSpy<XP-ANT~1>
2007-04-16 19:40:17         0 d-------- C:\Programme\Lavasoft
2007-04-16 19:39:56         0 d-------- C:\Programme\IrfanView<IRFANV~1>
2007-04-16 19:39:49         0 d-------- C:\Programme\OO Software<OOSOFT~1>
2007-04-16 19:39:40         0 d-------- C:\Programme\DVD Shrink DE<DVDSHR~1>
2007-04-16 19:39:39         0 d-------- C:\Programme\DVD Decrypter<DVDDEC~1>
2007-04-16 19:39:15         0 d-------- C:\Programme\UltraISO
2007-04-16 19:39:15         0 d-------- C:\Programme\Gemeinsame Dateien\EZB Systems<EZBSYS~1>
2007-04-16 19:39:10         0 d-------- C:\Programme\Gemeinsame Dateien\ODBC
2007-04-16 19:39:07         0 d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines<SPEECH~1>
2007-04-16 19:39:07         0 d-------- C:\Programme\Foxit PDF Reader<FOXITP~1>
2007-04-16 19:38:47        62 --ahs---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\desktop.ini
2007-04-16 19:38:17         0 d-------- C:\Programme\Gemeinsame Dateien\DESIGNER
2007-04-16 19:38:16         0 d-------- C:\Programme\Microsoft Works<MICROS~4>
2007-04-16 19:38:03         0 d-------- C:\Programme\Microsoft.NET<MICROS~1.NET>
2007-04-16 19:21:13         0 d-------- C:\Programme\MSBuild
2007-04-16 19:18:41         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Help
2007-04-16 19:17:41         0 d-------- C:\Programme\Reference Assemblies<REFERE~1>
2007-04-16 19:16:56         0 d-------- C:\Programme\Windows Media Connect 2<WINDOW~4>
2007-04-16 18:52:59         0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities<IDENTI~1>
2007-04-16 18:48:46         0 d-------- C:\Programme\microsoft frontpage<MICROS~1>
2007-04-16 18:48:29         0 -rahs---- C:\MSDOS.SYS
2007-04-16 18:48:29         0 -rahs---- C:\IO.SYS
2007-04-16 18:48:29         0 --a------ C:\CONFIG.SYS
2007-04-16 18:48:29         0 --a------ C:\AUTOEXEC.BAT
2007-04-16 18:47:10         0 d--h----- C:\Programme\WindowsUpdate<WINDOW~3>
2007-04-16 18:47:08         0 d-------- C:\Programme\Online-Dienste<ONLINE~2>
2007-04-16 18:46:36         0 d-------- C:\Programme\Gemeinsame Dateien\Dienste
2007-04-16 18:46:34         0 d-------- C:\Programme\Gemeinsame Dateien\MSSoap
2007-04-16 18:46:27         0 d-------- C:\Programme\Movie Maker<MOVIEM~1>
2007-04-16 18:45:43     21740 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-04-16 18:45:24         0 d-------- C:\Programme\Online Services<ONLINE~1>
2007-04-16 18:45:20         0 d-------- C:\Programme\Messenger<MESSEN~1>
2007-04-16 18:45:16         0 d-------- C:\Programme\MSN Gaming Zone<MSNGAM~1>
2007-04-16 18:45:10         0 d-------- C:\Programme\Windows NT<WINDOW~1>
2007-04-04 13:22:06    330336 --a------ C:\WINDOWS\RCoUn.EXE
2007-03-17 15:45:59    293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:48:39    579584 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:48:39     40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:48:39    282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:45:09   1844096 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-21 21:00:28     10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-02-16 18:50:06     14368 --a------ C:\WINDOWS\system32\relog_ap.dll
2007-02-14 19:14:42     17440 --a------ C:\WINDOWS\system32\acrotls.dll
2007-02-14 19:05:52    348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-02-14 19:05:52    499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-02-14 19:01:14    206368 --a------ C:\WINDOWS\system32\snapapi.dll
2007-02-05 22:18:44    185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-01 05:56:06    639066 --a------ C:\WINDOWS\system32\divx.dll
2007-01-30 06:03:42   3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 06:03:28    200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 06:03:28   1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-30 05:56:58    196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-30 05:56:58     73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-30 01:46:32     69632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-01-30 01:46:26    163840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-01-30 01:46:18    110592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-01-30 01:46:08    135168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-01-29 10:58:06     60416 --------- C:\WINDOWS\system32\tzchange.exe
2007-01-23 15:45:00   1419024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll<WDFCOI~1.DLL>
2007-01-23 15:44:00    101136 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-01-22 17:23:20      6912 --a------ C:\WINDOWS\nvoclock.sys
2007-01-22 17:23:18    385024 --a------ C:\WINDOWS\ntuneoem.dll
2007-01-22 17:22:30   1622016 --a------ C:\WINDOWS\NVBenchMarks.dll<NVBENC~1.DLL>
2007-01-22 17:22:10     28672 --a------ C:\WINDOWS\AutoTuneScript.dll<AUTOTU~1.DLL>
2007-01-20 21:26:06   1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Snarfer"="C:\\Programme\\Snarfware\\Snarfer\\snarfer.exe /startminimized"
"MSMSGS"=""C:\\Programme\\Messenger\\msmsgs.exe" /background"
"DAEMON Tools"=""C:\\Programme\\DAEMON Tools\\daemon.exe" -lang 1033"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"avgnt"=""C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe" /min"
"UnlockerAssistant"=""C:\\Programme\\Unlocker\\UnlockerAssistant.exe""
"FileZilla Server Interface"=""C:\\Programme\\FileZilla Server\\FileZilla Server Interface.exe""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"ICQ Lite"=""C:\\Programme\\ICQLite\\ICQLite.exe" -minimize"
"TrueImageMonitor.exe"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Programme\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"=""C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe""
"Logitech Utility"="Logi_MwX.Exe"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"512id"="C:\\Programme\\512i digital\\512id.exe /minimize"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"RouterControl"="C:\\PROGRA~1\\ROUTER~1\\ROUTERCONTROL.EXE"
"NVIDIA nTune"=""C:\\Programme\\NVIDIA Corporation\\nTune\\nTuneCmd.exe" clear"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,72,75,6e,64,6c,6c,33,32,20,\
  61,64,76,70,61,63,6b,2e,64,6c,6c,2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,\
  69,6f,6e,20,6e,4c,69,74,65,2e,69,6e,66,2c,43,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"nltide3"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,72,75,6e,64,6c,6c,33,32,20,\
  61,64,76,70,61,63,6b,2e,64,6c,6c,2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,\
  69,6f,6e,20,6e,4c,69,74,65,2e,69,6e,66,2c,43,00
    

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter    REG_MULTI_SZ       HTTPFilter\0\0
LocalService    REG_MULTI_SZ       Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService    REG_MULTI_SZ       DnsCache\0\0
DcomLaunch    REG_MULTI_SZ       DcomLaunch\0TermService\0\0
rpcss    REG_MULTI_SZ       RpcSs\0\0
imgsvc    REG_MULTI_SZ       StiSvc\0\0
termsvcs    REG_MULTI_SZ       TermService\0\0
WudfServiceGroup    REG_MULTI_SZ       WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



-- End of ComboScan: finished at 2007-04-20 at 13:59:24 ------------------------

Dann noch ne abschließende Frage, taugt dieses Tool was und gibt es da Erfahrungsberichte zu ?

Tool :WinPatrol 11.3.2007 - Systemsicherheits-Software
http://www.winfuture.de/news,31300.html

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1