Home » Viren, Trojaner & Malware Forum » verschiedene Win32:Warezov Viren » Themenansicht

verschiedene Win32:Warezov Viren

Thema ist geschlossen!
Thema ist geschlossen!
#0
22.04.2007, 16:18
Qwasdert
...neu hier

Beiträge: 3
#1 Hallo,

ich habe seit einiger Zeit besagte Viren. Zuerst war es einer, dann sind aber mehrere dazugekommen.

Hier die Logfiles:


Logfile of HijackThis v1.99.1
Scan saved at 16:41:50, on 22.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\sccsd32.exe
C:\WINDOWS\wincrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\msssmsda.exe
D:\Eigene Datein 2\Azureus\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\sccsd32.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\sccsd32.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [wincrt.exe] C:\WINDOWS\wincrt.exe s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176567851609
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E389B76-1702-43B0-8FFF-07046F351EFA}: NameServer = 62.220.18.8 62.72.64.241
O20 - AppInit_DLLs: e1.dll msjidpmo.dll diagisr.dll
O20 - Winlogon Notify: msssmsda - C:\WINDOWS\system32\msssmsda.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



Mit datFind gescannt:

#1
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS\system32

22.04.2007 16:41 24.576 msjidpmo.dll
22.04.2007 16:41 77.804 msssmsda.exe
22.04.2007 16:33 40.960 isrprov.exe
22.04.2007 16:33 45.056 isrprf32.dll
22.04.2007 16:32 53.248 diagisr.dll
22.04.2007 01:43 2.206 wpa.dbl
21.04.2007 21:40 16.832 amcompat.tlb
21.04.2007 21:40 23.392 nscompat.tlb
21.04.2007 20:59 377.450 perfh009.dat
21.04.2007 20:59 52.654 perfc009.dat
21.04.2007 20:59 388.174 perfh007.dat
21.04.2007 20:59 63.466 perfc007.dat
21.04.2007 20:59 892.038 PerfStringBackup.INI
19.04.2007 16:33 3.002 CONFIG.NT
19.04.2007 15:11 4 msssmsda.dat
19.04.2007 13:55 28.672 e1.dll
18.04.2007 18:16 733.824 aswBoot.exe
18.04.2007 18:06 90.112 AVASTSS.scr
17.04.2007 23:35 10.752 BASSMOD.dll
14.04.2007 16:18 4.254 jupdate-1.6.0_01-b06.log
06.04.2007 18:11 20.480 scrilprh.dll
06.04.2007 18:11 16.384 mspradsn.exe
06.04.2007 18:11 98.304 msssmsda.dll
05.04.2007 19:14 269.080 FNTCACHE.DAT
03.04.2007 13:48 13.511.640 MRT.exe
25.03.2007 21:57 122.142 TZLog.log
24.03.2007 18:38 249 spupdwxp.log
24.03.2007 17:51 49.338 $winnt$.inf
24.03.2007 17:46 25.065 wmpscheme.xml
24.03.2007 17:45 488 WindowsLogon.manifest
24.03.2007 17:45 488 logonui.exe.manifest
24.03.2007 17:45 749 sapi.cpl.manifest
24.03.2007 17:45 749 cdplayer.exe.manifest
24.03.2007 17:45 749 nwc.cpl.manifest
24.03.2007 17:45 749 ncpa.cpl.manifest
24.03.2007 17:45 749 wuaucpl.cpl.manifest
24.03.2007 17:45 23.504 emptyregdb.dat
24.03.2007 17:44 525 mapisvc.inf
24.03.2007 17:37 860 oeminfo.ini
17.03.2007 15:44 293.376 winsrv.dll
14.03.2007 02:04 69.632 javacpl.cpl
14.03.2007 02:04 139.264 javaws.exe
14.03.2007 00:31 135.168 javaw.exe
14.03.2007 00:31 135.168 java.exe
09.03.2007 18:40 34.064 lhacm.acm
09.03.2007 12:24 123.392 xpsp3res.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:32 1.843.712 win32k.sys
28.02.2007 18:02 2.138.624 ntoskrnl.exe
28.02.2007 18:02 2.018.304 ntkrnlpa.exe
22.02.2007 10:15 90.624 nmwcdcls.dll
13.02.2007 17:53 98.304 CmdLineExt.dll
10.02.2007 17:42 9.857 jupdate-1.5.0_11-b03.log
05.02.2007 22:18 185.856 upnphost.dll
02.02.2007 17:20 124.688 MSWINSCK.OCX
29.01.2007 10:58 60.416 tzchange.exe
25.01.2007 16:26 22 ati64hlp.stb
25.01.2007 14:52 617.472 urlmon.dll
24.01.2007 17:04 22 ati64hl2.stb
23.01.2007 21:30 546.304 hhctrl.ocx
11.01.2007 23:36 9.132 jupdate-1.5.0_10-b03.log
04.01.2007 15:41 664.576 wininet.dll
04.01.2007 15:41 474.624 shlwapi.dll
04.01.2007 15:41 1.494.528 shdocvw.dll
04.01.2007 15:41 532.480 mstime.dll
04.01.2007 15:41 39.424 pngfilt.dll
04.01.2007 15:40 146.432 msrating.dll
04.01.2007 15:40 448.512 mshtmled.dll
04.01.2007 15:40 3.077.632 mshtml.dll
04.01.2007 15:40 96.768 inseng.dll
04.01.2007 15:40 16.384 jsproxy.dll
04.01.2007 15:40 251.392 iepeers.dll
04.01.2007 15:40 1.056.256 danim.dll
04.01.2007 15:40 55.808 extmgr.dll
04.01.2007 15:40 205.312 dxtrans.dll
04.01.2007 15:40 357.888 dxtmsft.dll
04.01.2007 15:40 152.064 cdfview.dll
04.01.2007 15:40 1.023.488 browseui.dll
19.12.2006 23:49 135.168 shsvcs.dll
19.12.2006 23:49 8.494.592 shell32.dll
19.12.2006 20:17 334.336 wiaservc.dll
12.12.2006 15:15 845.312 Smab.dll
04.12.2006 16:21 414.720 msscp.dll

2253 Datei(en) 476.232.903 Bytes
0 Verzeichnis(se), 10.596.941.824 Bytes frei

#2
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\DOKUME~1\SERGEJ~1\LOKALE~1\Temp

22.04.2007 16:37 173 jusched.log
22.04.2007 16:33 49.152 ~DF37F1.tmp
2 Datei(en) 49.325 Bytes
0 Verzeichnis(se), 10.596.962.304 Bytes frei

#3
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS

22.04.2007 16:32 0 0.log
22.04.2007 16:32 3.922 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
22.04.2007 16:32 1.120.371 WindowsUpdate.log
22.04.2007 16:32 159 wiadebug.log
22.04.2007 16:32 50 wiaservc.log
22.04.2007 16:32 923 spupdsvc.log
22.04.2007 16:32 28.869 setupapi.log
22.04.2007 16:31 2.048 bootstat.dat
22.04.2007 16:30 32.610 SchedLgU.Txt
22.04.2007 16:09 988 iis6.log
22.04.2007 16:09 2.359 tsoc.log
22.04.2007 16:09 2.024 comsetup.log
22.04.2007 16:09 1.229 ntdtcsetup.log
22.04.2007 16:09 342 ocmsn.log
22.04.2007 16:09 1.374 imsins.log
22.04.2007 16:09 8.464 KB929399.log
22.04.2007 16:09 2.916 ocgen.log
22.04.2007 16:09 309 msgsocm.log
22.04.2007 16:09 6.158 FaxSetup.log
22.04.2007 16:09 698 avmcoins.log
21.04.2007 20:58 1.374 imsins.BAK
21.04.2007 20:58 721 win.ini
21.04.2007 20:56 316.640 WMSysPr9.prx
21.04.2007 15:49 54.156 QTFont.qfn
20.04.2007 20:53 1.409 QTFont.for
19.04.2007 15:19 179.200 wincrt.exe
19.04.2007 13:55 16 hpsys.dat
18.04.2007 14:13 0 fp1g9aq.scf
18.04.2007 12:59 0 kodf.wav
16.04.2007 20:55 0 cdi1okj.dll
16.04.2007 19:39 116.736 sccsd32.exe
14.04.2007 21:54 359 BeatBox.INI
14.04.2007 21:54 252 MusicMaker.INI
14.04.2007 21:39 352 Sampler.INI
14.04.2007 21:39 28 Robota.INI
14.04.2007 16:15 0 setupact.log
06.04.2007 20:09 0 shsdmmo.scf
06.04.2007 19:57 3.144.800 lx1k01.txt
06.04.2007 18:12 116.736 skcc32.exe
25.03.2007 20:01 0 setuperr.log
25.03.2007 16:07 2.560 _MSRSTRT.EXE
24.03.2007 18:40 1.962 OEWABLog.txt
24.03.2007 17:46 299.552 WMSysPrx.prx
24.03.2007 17:46 4.161 ODBCINST.INI
24.03.2007 17:45 749 WindowsShell.Manifest
24.03.2007 17:37 231 system.ini
24.03.2007 17:29 1.395 UPGRADE.TXT
24.03.2007 17:18 66.773 setupapi.old
24.03.2007 13:48 4.800.125 setupapi.log.0.old
14.03.2007 23:26 32 Wininit.ini
11.03.2007 19:31 6.537 mgxoschk.ini
04.02.2007 17:07 29 wordpad.ini
04.02.2007 17:07 29 winzip32.ini
24.01.2007 18:48 87.292 War3Unin.dat
04.01.2007 02:49 9.292 super.chm
173 Datei(en) 37.951.506 Bytes
0 Verzeichnis(se), 10.596.958.208 Bytes frei

#4
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS\Temp

22.04.2007 16:32 0 T30DebugLogFile.txt
22.04.2007 16:31 16.384 Perflib_Perfdata_4d0.dat
2 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 10.596.958.208 Bytes frei

#5
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS\Downloaded Program Files

24.03.2007 17:45 65 desktop.ini
22.06.2006 11:41 5.032 swflash.inf
26.05.2005 04:19 293 muweb.inf
25.08.2003 18:12 1.096 iuctl.inf
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
6 Datei(en) 8.345 Bytes
0 Verzeichnis(se), 10.596.958.208 Bytes frei

#6
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\

22.04.2007 16:45 0 sys.txt
22.04.2007 16:45 571 down.txt
22.04.2007 16:45 337 tmp.txt
22.04.2007 16:44 8.765 system.txt
22.04.2007 16:43 335 systemtemp.txt
22.04.2007 16:42 110.360 system32.txt
22.04.2007 16:31 805.306.368 pagefile.sys
19.04.2007 20:13 519 hpfr3420.xml
19.04.2007 20:13 902 hpfr3425.log
25.03.2007 16:14 212 boot.ini
24.03.2007 18:17 47.564 NTDETECT.COM
24.03.2007 18:17 251.184 ntldr
20.09.2003 16:50 0 MSDOS.SYS
20.09.2003 16:50 0 IO.SYS
20.09.2003 16:50 0 CONFIG.SYS
20.09.2003 16:50 0 AUTOEXEC.BAT
02.04.2003 14:00 4.952 bootfont.bin
17 Datei(en) 805.732.069 Bytes
0 Verzeichnis(se), 10.596.954.112 Bytes frei

Wie soll ich jetzt weiter verfahren?
Dieser Beitrag wurde am 22.04.2007 um 16:46 Uhr von Qwasdert editiert.
Seitenanfang Seitenende
22.04.2007, 18:14
raman
Moderator

Beiträge: 7805
#2 Bei Avast koenntest du mal einen boottimescan ansetzen, aber nutze bitte erst Drweb cureit:
starte im abgesicherten Modus:
http://www.bsi.bund.de/av/texte/wiederher.htm

Nutze die Datentraegerbereinigung(ausser alte Dateien komprimieren) Zusaetzlich noch die Systemwiederherstellung uber "weitere Optionen" saeubern.
http://support.microsoft.com/default.aspx?scid=kb;de;315246

Dort Cureit nutzen: Anleitung: http://virus-protect.org/cureit.html
Aber bitte den Download von hier nutzen http://freedrweb.com/?lng=de

Lasse cureit dort deine Festplatten pruefen und alle Funde in die Quarantäne schieben. Avast kannst du danach auch noch pruefen lassen.

Danach neues Hijackthis log und Combofix report
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
22.04.2007, 21:19
Qwasdert
...neu hier

Themenstarter

Beiträge: 3
#3 "Sergej T*****" - 07-04-22 21:08:34 Service Pack 2
ComboFix 07-04-21.2V - Running from: C:\Programme\Mozilla Firefox\


((((((((((((((((((((((((((((((( Files Created from 2007-03-22 to 2007-04-22 ))))))))))))))))))))))))))))))))))


2007-04-22 19:56 <DIR> d-------- C:\WINDOWS\pss
2007-04-22 19:54 <DIR> d-------- C:\DOKUME~1\SERGEJ~1\DoctorWeb
2007-04-22 19:44 <DIR> d-------- C:\avenger
2007-04-21 20:58 <DIR> d-------- C:\Programme\Windows Media Connect 2
2007-04-21 20:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-21 20:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-21 16:14 <DIR> d--h----- C:\WINDOWS\PIF
2007-04-19 13:55 16 --a------ C:\WINDOWS\hpsys.dat
2007-04-18 17:08 <DIR> d-------- C:\Programme\icqlite
2007-04-18 16:27 <DIR> d-------- C:\DOKUME~1\SERGEJ~1\ANWEND~1\ICQ
2007-04-18 16:24 <DIR> d-------- C:\Programme\ICQ6
2007-04-16 20:55 0 --a------ C:\WINDOWS\cdi1okj.dll
2007-04-16 00:19 128,232 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-14 18:14 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\PC Suite
2007-04-14 18:13 <DIR> d-------- C:\DOKUME~1\SERGEJ~1\ANWEND~1\Nokia
2007-04-14 18:12 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2007-04-14 18:12 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2007-04-14 18:12 <DIR> d-------- C:\Programme\DIFX
2007-04-14 18:12 <DIR> d-------- C:\DOKUME~1\SERGEJ~1\ANWEND~1\PC Suite
2007-04-14 18:11 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-04-14 18:11 <DIR> d-------- C:\Programme\PC Connectivity Solution
2007-04-14 18:11 <DIR> d-------- C:\Programme\Nokia
2007-04-14 18:10 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Installations
2007-04-12 10:51 <DIR> d-------- C:\DOKUME~1\SERGEJ~1\ANWEND~1\MAGIX
2007-04-08 23:38 <DIR> d-------- C:\DOKUME~1\SERGEJ~1\ANWEND~1\WinRAR
2007-04-06 18:12 4 --a------ C:\WINDOWS\system32\msssmsda.dat
2007-03-25 21:53 <DIR> d-------- C:\Programme\MSXML 4.0
2007-03-25 21:17 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-03-25 16:07 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-03-25 15:57 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Agnitum Shared
2007-03-24 18:46 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-03-24 18:46 <DIR> d-------- C:\DOKUME~1\SERGEJ~1\ANWEND~1\TuneUp Software
2007-03-24 18:45 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-03-24 18:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-03-24 18:37 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-24 18:24 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-03-24 18:24 9,728 --------- C:\WINDOWS\system32\proxycfg.exe
2007-03-24 18:24 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-03-24 18:24 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-03-24 18:24 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-03-24 18:24 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-03-24 18:24 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-03-24 18:24 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-03-24 18:24 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-03-24 18:24 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-03-24 18:24 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-03-24 18:24 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-03-24 18:24 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-03-24 18:24 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-03-24 18:24 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-03-24 18:24 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-03-24 18:24 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-03-24 18:24 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-03-24 18:24 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-03-24 18:24 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-03-24 18:24 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-03-24 18:24 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-03-24 18:24 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-03-24 18:24 61,440 --------- C:\WINDOWS\system32\logman.exe
2007-03-24 18:24 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-03-24 18:24 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-03-24 18:24 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-03-24 18:24 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-03-24 18:24 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-03-24 18:24 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-03-24 18:24 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-03-24 18:24 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-03-24 18:24 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-03-24 18:24 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-03-24 18:24 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-03-24 18:24 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-03-24 18:24 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-03-24 18:24 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-03-24 18:24 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-03-24 18:24 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-03-24 18:24 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-03-24 18:24 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-03-24 18:24 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-03-24 18:24 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-03-24 18:24 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-03-24 18:24 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-03-24 18:24 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-03-24 18:24 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-03-24 18:24 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-03-24 18:24 40,192 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-03-24 18:24 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-03-24 18:24 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-03-24 18:24 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-03-24 18:24 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-03-24 18:24 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-03-24 18:24 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-03-24 18:24 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-03-24 18:24 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-03-24 18:24 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-03-24 18:24 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-03-24 18:24 32,866 --------- C:\WINDOWS\slrundll.exe
2007-03-24 18:24 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-03-24 18:24 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-03-24 18:24 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-03-24 18:24 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-03-24 18:24 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-03-24 18:24 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-03-24 18:24 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-03-24 18:24 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-03-24 18:24 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-03-24 18:24 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-03-24 18:24 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-03-24 18:24 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-03-24 18:24 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-03-24 18:24 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-03-24 18:24 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-03-24 18:24 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-03-24 18:24 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-03-24 18:24 275,200 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-03-24 18:24 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2007-03-24 18:24 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-03-24 18:24 25,856 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-03-24 18:24 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-03-24 18:24 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-03-24 18:24 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2007-03-24 18:24 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-24 18:24 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-03-24 18:24 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-03-24 18:24 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-03-24 18:24 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-03-24 18:24 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-03-24 18:24 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2007-03-24 18:24 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-03-24 18:24 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-03-24 18:24 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-03-24 18:24 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-03-24 18:24 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-03-24 18:24 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-03-24 18:24 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-03-24 18:24 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-24 18:24 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-03-24 18:24 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-03-24 18:24 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-03-24 18:24 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-03-24 18:24 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-03-24 18:24 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2007-03-24 18:24 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-03-24 18:24 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-03-24 18:24 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-03-24 18:24 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-03-24 18:24 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-03-24 18:24 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-03-24 18:24 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-03-24 18:24 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-03-24 18:24 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-03-24 18:24 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-03-24 18:24 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-24 18:24 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-03-24 18:24 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-03-24 18:24 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-03-24 18:24 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-03-24 18:24 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2007-03-24 18:24 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-03-24 18:24 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-03-24 18:24 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-03-24 18:24 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-03-24 18:24 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-03-24 18:24 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-03-24 18:24 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-03-24 18:24 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-03-24 18:24 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-03-24 18:24 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-03-24 18:24 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-03-24 18:24 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-03-24 18:24 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-03-24 18:24 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-03-24 18:24 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-03-24 18:24 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-03-24 18:24 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-03-24 18:23 <DIR> d-------- C:\WINDOWS\provisioning
2007-03-24 18:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-03-24 18:16 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-24 18:12 <DIR> d-------- C:\WINDOWS\EHome
2007-03-24 17:47 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-24 17:45 242,176 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-24 17:44 188,416 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-24 17:44 143,360 --a------ C:\WINDOWS\system32\fxsclnt.exe
2007-03-24 17:44 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-24 17:44 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-24 17:37 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-24 17:37 13,824 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-24 17:29 <DIR> d-------- C:\WINDOWS\setup.pss
2007-03-24 12:32 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-03-24 01:27 2,688 --a------ C:\WINDOWS\system32\drivers\HIDSwvd.sys
2007-03-24 01:26 59,136 --a------ C:\WINDOWS\system32\drivers\gckernel.sys
2007-03-23 20:39 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-03-23 20:38 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-03-23 20:38 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-03-23 20:36 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-03-23 20:36 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-03-23 20:36 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-03-23 20:36 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2007-03-23 20:36 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-03-23 20:36 74,240 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-03-23 20:36 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-03-23 20:36 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2007-03-23 20:36 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-03-23 20:36 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-03-23 20:36 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-03-23 20:36 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-03-23 20:36 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
2007-03-23 20:36 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2007-03-23 20:36 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-03-23 20:36 563,200 --a------ C:\WINDOWS\system32\qedit.dll
2007-03-23 20:36 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-03-23 20:36 51,200 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-03-23 20:36 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-03-23 20:36 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-03-23 20:36 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-03-23 20:36 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2007-03-23 20:36 467,968 --a------ C:\WINDOWS\system32\diactfrm.dll
2007-03-23 20:36 44,032 --a------ C:\WINDOWS\system32\dimap.dll
2007-03-23 20:36 436,224 --a------ C:\WINDOWS\system32\d3dim.dll
2007-03-23 20:36 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-03-23 20:36 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-03-23 20:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-23 20:36 386,048 --a------ C:\WINDOWS\system32\qdvd.dll
2007-03-23 20:36 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2007-03-23 20:36 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2007-03-23 20:36 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-03-23 20:36 350,208 --a------ C:\WINDOWS\system32\d3drm.dll
2007-03-23 20:36 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2007-03-23 20:36 35,328 --a------ C:\WINDOWS\system32\pid.dll
2007-03-23 20:36 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-03-23 20:36 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-03-23 20:36 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2007-03-23 20:36 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-03-23 20:36 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-03-23 20:36 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-03-23 20:36 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2007-03-23 20:36 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2007-03-23 20:36 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-03-23 20:36 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2007-03-23 20:36 24,064 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-03-23 20:36 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
2007-03-23 20:36 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2007-03-23 20:36 214,016 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-03-23 20:36 211,456 --a------ C:\WINDOWS\system32\qasf.dll
2007-03-23 20:36 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-03-23 20:36 205,312 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-03-23 20:36 20,480 --a------ C:\WINDOWS\system32\encapi.dll
2007-03-23 20:36 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2007-03-23 20:36 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2007-03-23 20:36 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-03-23 20:36 186,368 --a------ C:\WINDOWS\system32\dinput8.dll
2007-03-23 20:36 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-03-23 20:36 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-03-23 20:36 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-03-23 20:36 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-03-23 20:36 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-03-23 20:36 163,328 --a------ C:\WINDOWS\system32\dinput.dll
2007-03-23 20:36 15,360 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-03-23 20:36 15,360 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-03-23 20:36 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-03-23 20:36 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
2007-03-23 20:36 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-03-23 20:36 11,776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-03-23 20:36 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-03-23 20:36 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-03-23 20:36 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2007-03-23 20:36 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-03-23 20:36 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-03-23 20:36 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2007-03-23 20:36 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
2007-03-23 20:36 1,432,576 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-03-23 20:36 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-03-23 20:36 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-03-23 20:36 1,292,800 --a------ C:\WINDOWS\system32\quartz.dll
2007-03-23 20:36 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-03-23 20:36 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-21 20:59 63466 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-21 20:59 388174 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-21 12:54 -------- d-------- C:\DOKUME~1\SERGEJ~1\ANWEND~1\skype
2007-04-19 23:31 19670 --a------ C:\DOKUME~1\SERGEJ~1\ANWEND~1\wklnhst.dat
2007-04-18 18:16 733824 --a------ C:\WINDOWS\system32\aswboot.exe
2007-04-18 18:12 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-18 18:12 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-18 18:10 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-18 18:09 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-18 18:07 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-18 18:06 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-04-18 16:27 -------- d--h----- C:\Programme\installshield installation information
2007-04-18 14:08 -------- d-------- C:\Programme\messenger
2007-04-07 22:46 3393 --a------ C:\DOKUME~1\SERGEJ~1\ANWEND~1\cleanup!.log
2007-04-06 01:12 -------- d-------- C:\Programme\microsoft works
2007-03-31 23:22 -------- d-------- C:\Programme\no23 recorder
2007-03-28 13:23 -------- d-------- C:\DOKUME~1\SERGEJ~1\ANWEND~1\openoffice.org2
2007-03-25 19:15 -------- d-------- C:\DOKUME~1\SERGEJ~1\ANWEND~1\teamspeak2
2007-03-25 16:07 2560 --a------ C:\WINDOWS\_msrstrt.exe
2007-03-24 22:27 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-24 18:23 -------- d-------- C:\Programme\movie maker
2007-03-24 18:20 -------- d-------- C:\Programme\windows nt
2007-03-24 18:11 -------- d--h----- C:\Programme\windowsupdate
2007-03-24 17:45 23504 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-24 11:55 -------- d-------- C:\Programme\morpheus
2007-03-19 18:30 -------- d-------- C:\Programme\openoffice.org 2.1
2007-03-18 21:32 -------- d-------- C:\Programme\microsoft picture it! 9
2007-03-18 18:41 -------- d-------- C:\Programme\image-line
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-14 00:56 -------- d-------- C:\Programme\smart projects
2007-03-13 15:09 -------- d-------- C:\Programme\ea games
2007-03-11 19:36 101376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-03-11 18:06 -------- d-------- C:\Programme\vstplugins
2007-03-10 20:15 -------- d-------- C:\Programme\preishai3
2007-03-09 22:12 -------- d-------- C:\Programme\combined community codec pack
2007-03-09 18:41 -------- d-------- C:\Programme\teamspeak2_rc2
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-22 16:11 -------- d-------- C:\Programme\emule
2007-02-13 17:53 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-02 12:34 60792 --a------ C:\DOKUME~1\SERGEJ~1\ANWEND~1\gdipfontcachev1.dat
2007-01-24 18:48 87292 --a------ C:\WINDOWS\war3unin.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dit"="Dit.exe"
"CHotkey"="mHotkey.exe"
"ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"PRISMSTA.EXE"="PRISMSTA.EXE START"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PCSuiteTrayApplication"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msssmsda

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="e1.dll msjidpmo.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"PCMService"="\"C:\\Programme\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1157484949.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-22 21:14:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\MAGIX\MusicMaker2007deluxe\Samsig.dll 20480 bytes
C:\MAGIX\MusicMaker2007deluxe\Samsiga6.dll 192512 bytes
C:\MAGIX\MusicMaker2007deluxe\Samsigm5.dll 155648 bytes
C:\MAGIX\MusicMaker2007deluxe\Samsigm6.dll 163840 bytes
C:\MAGIX\MusicMaker2007deluxe\Samsigp5.dll 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Samsigp6.dll 147456 bytes
C:\MAGIX\MusicMaker2007deluxe\Samsigpx.dll 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Samsigw7.dll 204800 bytes
C:\MAGIX\MusicMaker2007deluxe\scheduler.exe 188416 bytes
C:\MAGIX\MusicMaker2007deluxe\Soundpools.dat 12288 bytes
C:\MAGIX\MusicMaker2007deluxe\support.rtf 20480 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth
C:\MAGIX\MusicMaker2007deluxe\Synth\Atmos.syn 1413120 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Beatbox
C:\MAGIX\MusicMaker2007deluxe\Synth\BeatBox.syn 438272 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Copper.syn 1372160 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Data
C:\MAGIX\MusicMaker2007deluxe\Synth\DrumnBass.syn 1515520 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Icons
C:\MAGIX\MusicMaker2007deluxe\Synth\Init
C:\MAGIX\MusicMaker2007deluxe\Synth\LiViD
C:\MAGIX\MusicMaker2007deluxe\Synth\LiViD.syn 2600960 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\mxfilerelatedcache.mxc2 16 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\New VSTi.mid 320 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Patterns
C:\MAGIX\MusicMaker2007deluxe\Synth\Presets
C:\MAGIX\MusicMaker2007deluxe\Synth\Revolta
C:\MAGIX\MusicMaker2007deluxe\Synth\Revolta.mid 304 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Revolta.syn 1413120 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Robota
C:\MAGIX\MusicMaker2007deluxe\Synth\Robota.syn 499712 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Sampler
C:\MAGIX\MusicMaker2007deluxe\Synth\Sampler.syn 450560 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\SampleTank.syn 1413120 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\SampleTank2 MX
C:\MAGIX\MusicMaker2007deluxe\Synth\SampleTank2 MX.mid 320 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Silver.syn 1372160 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Soundfont
C:\MAGIX\MusicMaker2007deluxe\Synth\translation.ini 408 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Vita
C:\MAGIX\MusicMaker2007deluxe\Synth\Vita.mid 384 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\Vita.syn 1413120 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\VoiceSynth.syn 1519616 bytes
C:\MAGIX\MusicMaker2007deluxe\Synth\VSTi.syn 8 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles
C:\MAGIX\MusicMaker2007deluxe\Titles\3d text.tfx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Combination
C:\MAGIX\MusicMaker2007deluxe\Titles\Credits.tfx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Fisheye.tfx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Font example.tfx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Ghost.tfx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Icons
C:\MAGIX\MusicMaker2007deluxe\Titles\Moving
C:\MAGIX\MusicMaker2007deluxe\Titles\mxfilerelatedcache.mxc2 16 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Rotation
C:\MAGIX\MusicMaker2007deluxe\Titles\Rotation.tfx 8192 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Skyblue.bmp 120 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Special
C:\MAGIX\MusicMaker2007deluxe\Titles\Text decoration.tfx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Ticker1.tfx 8192 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Ticker2.tfx 8192 bytes
C:\MAGIX\MusicMaker2007deluxe\Titles\Translation.ini 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Tts.dll 229376 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials
C:\MAGIX\MusicMaker2007deluxe\Tutorials\01_MediaPool.ogg 868352 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\01_MediaPool.wmv 4833280 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\01_MediaPool_wmv.AVD 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\02_Tools.ogg 1040384 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\02_Tools.wmv 5926912 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\02_Tools_wmv.AVD 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\03_Editing.ogg 454656 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\03_Editing.wmv 3321856 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\04_ObjectFX.ogg 356352 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\04_ObjectFX.wmv 2764800 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\05_TrackFX.ogg 380928 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\05_TrackFX.wmv 2154496 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\06_Robota.ogg 471040 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\06_Robota.wmv 2678784 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\06_Robota_wmv.AVD 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\07_Mixer.ogg 704512 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\07_Mixer.wmv 4173824 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\08_Surround.ogg 512000 bytes
C:\MAGIX\MusicMaker2007deluxe\Tutorials\08_Surround.wmv 2666496 bytes
C:\MAGIX\MusicMaker2007deluxe\uninstall.exe 131072 bytes
C:\MAGIX\MusicMaker2007deluxe\uninstall.ini 8192 bytes
C:\MAGIX\MusicMaker2007deluxe\unwise.adf 81920 bytes
C:\MAGIX\MusicMaker2007deluxe\unwise.exe 176128 bytes
C:\MAGIX\MusicMaker2007deluxe\unwise.ini 728 bytes
C:\MAGIX\MusicMaker2007deluxe\Unzdll.dll 94208 bytes
C:\MAGIX\MusicMaker2007deluxe\Validation.exe 24576 bytes
C:\MAGIX\MusicMaker2007deluxe\Validation.ini 144 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Blur.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Brightness_down.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Brightness_up.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Caleidoscope.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Color_shift.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Contour_3x3.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Contour_5x5.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Contour_left.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Contour_top.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Contrast_down.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Contrast_up.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Dilate.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Echo.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Emboss.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Erosion.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Fisheye.ifx 8192 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Flip_h.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Flip_v.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Icons
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Lens.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Mirror_horizontal.ifx 8192 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Mirror_vertical.ifx 8192 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Mosaic.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Motion.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\mxfilerelatedcache.mxc2 16 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Quantize.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Rotate.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Sand.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Saturation_high.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Saturation_low.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Soften.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Substitution.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\translation.ini 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\VideoMixFX
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\Whirlpool.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VideoEffects\_NoEffect.ifx 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Videos
C:\MAGIX\MusicMaker2007deluxe\Videos\Backgrounds
C:\MAGIX\MusicMaker2007deluxe\Videos\Dancer
C:\MAGIX\MusicMaker2007deluxe\Videos\Effects
C:\MAGIX\MusicMaker2007deluxe\Videos\Masks
C:\MAGIX\MusicMaker2007deluxe\Videos\Reals
C:\MAGIX\MusicMaker2007deluxe\Videos\Tunnelrides
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\0_00_NoEffect.afx 20480 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\1_01_Chorus phrase.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\1_02_Chorus room1.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\1_03_Chorus room2.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\1_04_Chorus twang1.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\1_05_Chorus twang2.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\1_06_Pickings 1.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\1_07_Pickings 2.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\1_08_Instant refrain.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\1_09_Stereo tube.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\2_01_Phase verb.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\3_01_Flange kiss.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\3_02_Room flanger.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\4_01_Hard surface.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\4_02_Dirty spring reverb.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\4_03_Houston calling.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\4_04_Dirty chorus1.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\4_05_Dirty chorus2.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\4_06_Hi-gain lava.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\4_07_Stereo trasher.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\4_08_Psycho deluxe.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\5_01_Wall talker.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\5_02_Your solo here.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\5_03_Space 1.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\5_04_Space 2.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\5_05_Dub vinyl.afx 90112 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_01_Dub Digitalis.afx 114688 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_02_Stereo Destruction.afx 114688 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_03_Industrial Age.afx 114688 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_04_Speaker Breakdown.afx 180224 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_05_Quarterpounder.afx 196608 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_06_Filtronaut.afx 114688 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_07_Eat More Echoes.afx 114688 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_08_Retro Clash.afx 114688 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_09_Bitshift Disco.afx 180224 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\6_10_8-bit Jitter Stream.afx 114688 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\BitMachine.dll 786432 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\Chorus.dll 1142784 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\Delay.dll 1409024 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\Distortion.dll 1208320 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\Filter.dll 888832 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\Flanger.dll 1142784 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\Icons
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\mxfilerelatedcache.mxc2 16 bytes
C:\MAGIX\MusicMaker2007deluxe\VintageEffectSuite\translation.ini 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals
C:\MAGIX\MusicMaker2007deluxe\Visuals\Alienflight.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Analyzer3D.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Armageddon.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Artwork.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Boxer Engine.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Classic.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Cloudy.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Color Circle.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Color Wheel.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Comic.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Confuzius.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Explosion.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Fairy Flower.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Fire Bird.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Fire Line.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Fire Ring.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Fire.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Fireworks.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Floating.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Galaxy.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Ghost Flower.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Glass River.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Hexagon.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Highway2Hell.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Icons
C:\MAGIX\MusicMaker2007deluxe\Visuals\Interactive.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Loudspeaker.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Meteor.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Misty Stars.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Mountains.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\MusicColor.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\mxfilerelatedcache.mxc2 16 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Orb.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Oriental Pattern.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Psychedelic.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Pure Analyzer.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Rotate Wool.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Rotation Flash.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Sample Fence.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Sample Galaxy.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Sample Mirror.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Sample Oily.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Sound Smoke.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Sound Valley.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Spectra Cumulus.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Spectrum Figures.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Starflight.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\translation.ini 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Tree 1.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Tree 2.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Tree 3.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Tree 4.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Turbo Prop.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Volcano.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Well.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Visuals\Wool.vis 86016 bytes
C:\MAGIX\MusicMaker2007deluxe\Vita_upgrade.rtf 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\VstPlugins.ini 4096 bytes
C:\MAGIX\MusicMaker2007deluxe\Zipdll.dll 118784 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 241


********************************************************************

Completion time: 07-04-22 21:14:37
C:\ComboFix-quarantined-files.txt ... 07-04-22 21:14


hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21:19:21, on 22.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\DitExp.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Eigene Datein 2\Azureus\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176567851609
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E389B76-1702-43B0-8FFF-07046F351EFA}: NameServer = 62.220.18.8 62.72.64.241
O20 - AppInit_DLLs: e1.dll msjidpmo.dll
O20 - Winlogon Notify: msssmsda - C:\WINDOWS\system32\msssmsda.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Seitenanfang Seitenende
22.04.2007, 22:01
raman
Moderator

Beiträge: 7805
#4 FIx biitre diese Dinge(anhaken und fix checked druecken, bei Hijackthis):
O20 - AppInit_DLLs: e1.dll msjidpmo.dll
O20 - Winlogon Notify: msssmsda - C:\WINDOWS\system32\msssmsda.dll (file missing)

Nei starten und schaue, ob die Eintraege wirklich verschwunden sind. Das sollte dein Warezov Problem beseitigt haben. Besudche noch www.windowsupdate.com um dein System zu aktualisieren...
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
22.04.2007, 23:51
Qwasdert
...neu hier

Themenstarter

Beiträge: 3
#5 Danke für die Ratschläge, jetzt ist alles endgültig gelöscht.

Mein System ist immer aktualisiert, ich werde automatisch bei Updates benachrichtigt und die Virenscanner sind auch immer uptodate.
Deswegen kann ich mir nicht erklären wie mein System infiziert wurde.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1