Spy.Win32.VBStat.h - wie entfernen?

#0
30.04.2007, 12:11
...new here

Posts: 6
#1 Dear helper community,
My PC was hit 5 days ago too, and despite your many instructions I can't get rid of this trojan. Kaspersky AV finds and quarantines the trojan and Windows Defender warns about the new .dll files, but everything keeps coming back anyway, and after a while Internet Explorer, Windows Explorer and then the whole PC freeze. The trojan also becomes active when opening Outlook or Windows Explorer.
Below are my log files, as per Sabina's instructions:
1a. HiJackThis log
1b. ComboScan (log and supplementary log)
2. CleanUp
3. Combofix
4. Datfin.bat (6 logs)
In any case, the trojan kept producing new .dll files between these actions/queries.
Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 09:48:26, on 30.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\hpoipm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
D:\Virus\HiJack\1_99_1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll
O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yiqwdcgt.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP5000 Statusfenster.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O4 - Global Startup: HPAiODevice(hp officejet d series) - 2.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140310168053
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140351610109
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://kunden.ghostcompany.com/autobank/tsweb/msrdp.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: bw+0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: rqrppqn - C:\WINDOWS\SYSTEM32\rqrppqn.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--------------------------------------------
2. ComboScan log:

ComboScan v20070306.20 run by Weidlinger on 2007-04-30 at 10:17:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
104: 2007-04-30 08:17:42 UTC - RP444 - ComboScan Restore Point
103: 2007-04-30 07:55:45 UTC - RP443 - Windows Defender Checkpoint
102: 2007-04-30 05:19:22 UTC - RP442 - Windows Defender Checkpoint
101: 2007-04-29 22:02:27 UTC - RP441 - Windows Defender Checkpoint
100: 2007-04-29 21:05:41 UTC - RP440 - Windows Defender Checkpoint


-- First Restore Point --
1: 2007-01-30 06:56:45 UTC - RP341 - Systemprüfpunkt


Performed disk cleanup.


-- HijackThis (run as Weidlinger.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:17:56, on 30.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\Windows Desktop Search\WindowsSearchIndexer.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\hpoipm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\Windows Desktop Search\WindowsSearchFilter.exe
D:\Virus\ComboScan\comboscan.exe
D:\Virus\HiJack\Weidlinger.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AE419761-06FB-439E-A19F-341547F990F2} - C:\WINDOWS\system32\vturo.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP5000 Statusfenster.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O4 - Global Startup: HPAiODevice(hp officejet d series) - 2.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140310168053
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140351610109
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://kunden.ghostcompany.com/autobank/tsweb/msrdp.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: bw+0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: rqrppqn - C:\WINDOWS\SYSTEM32\rqrppqn.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


-- HijackThis Fixed Entries (D:\Virus\HiJack\backups\) -------------------------

backup-20070430-095429-196 O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll
backup-20070430-095429-851 O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yiqwdcgt.dll
backup-20070430-095429-905 O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll
backup-20070430-095610-688 O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll
backup-20070430-095610-939 O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R 3xHybrid (3xHybrid service) - C:\WINDOWS\system32\drivers\3xHybrid.sys
2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - C:\WINDOWS\system32\drivers\AegisP.sys
3R AgereSoftModem (Creatix V.92 Data Fax Modem) - C:\WINDOWS\system32\drivers\AGRSM.sys
3S Arp1394 (1394-ARP-Clientprotokoll) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ASAPIW2k - C:\WINDOWS\system32\drivers\asapiW2k.sys
3S CCDECODE (Untertiteldecoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3R CMISTOR (CMIUCR.SYS CM220 Card Reader Driver) - C:\WINDOWS\system32\drivers\cmiucr.SYS
3R dot4 (MS IEEE-1284.4 Driver) - C:\WINDOWS\system32\drivers\Dot4.sys
3R Dot4Print (Druckerklassentreiber für IEEE-1284.4) - C:\WINDOWS\system32\drivers\Dot4Prt.sys
3R Dot4Scan (Scan Class Driver for IEEE-1284.4) - C:\WINDOWS\system32\drivers\Dot4Scan.sys
3R dot4usb (Dot4USB Filter Dot4USB Filter) - C:\WINDOWS\system32\drivers\Dot4usb.sys
3R FTDIBUS (SEMC DSS SyncStation Serial Converter Driver) - C:\WINDOWS\system32\drivers\ftdibus.sys
3R FTLUND (Lundinova Filter Driver) - C:\WINDOWS\system32\drivers\ftlund.sys
3R FTSER2K (SEMC DSS SyncStation Driver) - C:\WINDOWS\system32\drivers\ftser2k.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R hidusb (Microsoft HID Class-Treiber) - C:\WINDOWS\system32\drivers\hidusb.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
1R intelppm (Intel-Prozessortreiber) - C:\WINDOWS\system32\drivers\intelppm.sys
0R Kl1 - C:\WINDOWS\system32\drivers\kl1.sys
1R Klif - C:\WINDOWS\system32\drivers\klif.sys
1R Klmc - C:\WINDOWS\system32\drivers\klmc.sys
0R Klpf - C:\WINDOWS\system32\drivers\Klpf.sys
0R Klpid - C:\WINDOWS\system32\drivers\Klpid.sys
2R LBeepKE - C:\WINDOWS\system32\drivers\LBeepKE.sys
3R LHidKe (Logitech SetPoint HID Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidKE.Sys
3R LMouKE (Logitech SetPoint Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LMouKE.Sys
3R MarvinBus (Pinnacle Marvin Bus) - C:\WINDOWS\system32\drivers\MarvinBus.sys
3R mouhid (Maus-HID-Treiber) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MPE (BDA MPE-Filter) - C:\WINDOWS\system32\drivers\mpe.sys
3R MQAC (Message Queuing access control) - C:\WINDOWS\system32\drivers\mqac.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI-Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV-/Videoverbindung) - C:\WINDOWS\system32\drivers\ndisip.sys
3S NIC1394 (1394-Netzwerktreiber) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (VIA OHCI-konformer IEEE 1394-Hostcontroller) - C:\WINDOWS\system32\drivers\ohci1394.sys
1R PCLEPCI - C:\WINDOWS\system32\drivers\Pclepci.sys
3S pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R RMCAST (Reliable Multicast Protocol driver) - C:\WINDOWS\system32\drivers\rmcast.sys
3S RT2500USB (RT2500 USB Wireless LAN Driver) - C:\WINDOWS\system32\drivers\rt2500usb.sys
3R rtl8139 (NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter) - C:\WINDOWS\system32\drivers\RTL8139.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3S streamip (BDA-IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
1R Tcpip6 (Microsoft IPv6-Protokolltreiber) - C:\WINDOWS\system32\drivers\tcpip6.sys
3R tunmp (Microsoft Tun-Miniportadaptertreiber) - C:\WINDOWS\system32\drivers\tunmp.sys
3R usbccgp (Microsoft Standard-USB-Haupttreiber) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys
3R USBSTOR (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\usbstor.sys
3S WSTCODEC (World Standard Teletext-Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R XUIF (X10 USB Wireless Transceiver) - C:\WINDOWS\system32\drivers\x10ufx2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R CLSched (CyberLink Task Scheduler (CTS)) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
2R CyberLink Media Library Service - "C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
3S IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2R IISADMIN (IIS Admin) - C:\WINDOWS\system32\inetsrv\inetinfo.exe
2R kavsvc - "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe"
2R MSFtpsvc (FTP-Publishing) - C:\WINDOWS\system32\inetsrv\inetinfo.exe
2R MSMQ (Message Queuing) - C:\WINDOWS\system32\mqsvc.exe
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE"
3S p2pgasvc (Peernetzwerk-Gruppenauthentifizierung) - C:\WINDOWS\system32\svchost.exe -k p2psvc
3S p2pimsvc (Peernetzwerkidentitäts-Manager) - C:\WINDOWS\system32\svchost.exe -k p2psvc
3S p2psvc (Peernetzwerk) - C:\WINDOWS\system32\svchost.exe -k p2psvc
3S PNRPSvc (Peer Name Resolution-Protokoll) - C:\WINDOWS\system32\svchost.exe -k p2psvc
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Programme\CyberLink\Shared Files\RichVideo.exe"
2R SimpTcp (Einfache TCP/IP-Dienste) - C:\WINDOWS\system32\tcpsvcs.exe
2R SMTPSVC (Simple Mail Transfer Protocol (SMTP)) - C:\WINDOWS\system32\inetsrv\inetinfo.exe
2R UxTuneUp (TuneUp Designerweiterung) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S W3SVC (WWW-Publishing) - C:\WINDOWS\system32\inetsrv\inetinfo.exe
2R WinDefend (Windows Defender) - "C:\Programme\Windows Defender\MsMpEng.exe"
2R WMDM PMSP Service - C:\WINDOWS\system32\MsPMSPSv.exe
3R x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-30 10:08:26 432 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job<REGCUR~1.JOB>
2007-04-30 10:08:24 322 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-29 19:32:18 366 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-04-07 08:07:05 406 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job<1-KLIC~1.JOB>


-- Files created between 2007-03-30 and 2007-04-30 -----------------------------

2007-04-30 10:09:20 0 d-------- C:\avenger
2007-04-30 09:59:38 49204 --a------ C:\WINDOWS\system32\ukhkjtrc.dll
2007-04-30 09:55:07 49204 --a------ C:\WINDOWS\system32\hbjvlvwg.dll
2007-04-30 07:03:33 570826 ---hs---- C:\WINDOWS\system32\orutv.bak1<ORUTV~1.BAK>
2007-04-30 07:03:24 284244 -----n--- C:\WINDOWS\system32\vturo.dll
2007-04-29 23:58:26 353 ---hs---- C:\WINDOWS\system32\vybeg.ini2<VYBEG~1.INI>
2007-04-29 19:47:26 0 d-------- C:\Programme\HiJack
2007-04-29 19:32:10 0 d-------- C:\Programme\RegCure
2007-04-28 15:10:29 49204 --a------ C:\WINDOWS\system32\yiqwdcgt.dll
2007-04-28 13:10:15 284244 --a------ C:\WINDOWS\system32\ddayy.dll
2007-04-28 10:10:12 284244 --a------ C:\WINDOWS\system32\ssqpo.dll
2007-04-28 07:10:11 284244 --a------ C:\WINDOWS\system32\mlljg.dll
2007-04-26 08:33:19 132660 --a------ C:\WINDOWS\system32\siklhetb.dll
2007-04-26 00:47:37 132660 --a------ C:\WINDOWS\system32\viehlipb.dll
2007-04-26 00:42:33 132660 --a------ C:\WINDOWS\system32\fjwfqcam.dll
2007-04-25 23:56:48 132660 --a------ C:\WINDOWS\system32\akehlhck.dll
2007-04-25 23:50:57 132660 --a------ C:\WINDOWS\system32\iffrvhut.dll
2007-04-25 18:05:16 132660 --a------ C:\WINDOWS\system32\inrgitfp.dll
2007-04-23 23:31:06 353 ---hs---- C:\WINDOWS\system32\qstwa.ini2<QSTWA~1.INI>
2007-04-23 17:17:40 281172 ---hs---- C:\WINDOWS\system32\pmkji.dll
2007-04-23 17:06:21 0 d-------- C:\Programme\LightScribe Diagnostic Utility<LIGHTS~1>
2007-04-23 16:48:34 0 d-------- C:\Programme\Gemeinsame Dateien\LightScribe<LIGHTS~1>
2007-04-22 15:45:24 49204 --a------ C:\WINDOWS\system32\mprgnbfh.dll
2007-04-22 15:36:32 26678 --a------ C:\WINDOWS\system32\rqrppqn.dll
2007-04-05 23:06:27 13568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-04-05 23:06:14 71680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-04-05 23:06:14 56064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-04-05 23:06:09 3712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-04-05 23:06:08 53248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-04-05 23:06:08 110592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-04-05 23:06:08 155648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-04-05 23:06:07 126976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-04-05 23:05:33 27264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-04-05 23:05:33 94208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-04-05 23:05:32 0 d-------- C:\Programme\Logitech
2007-04-05 23:05:31 0 d-------- C:\Programme\Gemeinsame Dateien\Logitech
2007-04-05 22:41:20 21504 --a------ C:\WINDOWS\system32\hidserv.dll


-- Find3M Report ---------------------------------------------------------------

2007-04-30 00:29:24 0 d-------- C:\Programme\Microsoft Money<MICAC0~1>
2007-04-30 00:21:35 0 d-------- C:\Programme\TuneUp Utilities 2006<TUNEUP~1>
2007-04-26 00:46:28 0 d-------- C:\Programme\Windows Live Toolbar<WI81E8~1>
2007-04-25 23:55:59 499532 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-25 23:55:59 101154 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-23 23:03:45 0 d-------- C:\Programme\AdorageI-GfxDatas<ADORAG~2>
2007-04-23 22:32:24 0 d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-04-23 16:48:34 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-04-19 16:50:47 0 d-------- C:\Programme\DesignPro 2000<DESIGN~1>
2007-04-10 06:45:05 0 d-------- C:\Programme\Java
2007-04-05 23:12:56 0 d-------- C:\Dokumente und Einstellungen\Weidlinger\Anwendungsdaten\Logitech
2007-04-05 23:06:48 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-03-18 13:33:53 0 d-------- C:\Programme\Railroad Tycoon II - Platinum<RAILRO~1>
2007-03-18 12:08:51 0 d-------- C:\Programme\Tropico Demo<TROPIC~1>
2007-03-17 15:44:25 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:36:30 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36:30 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36:30 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32:24 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:18:44 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-04 20:40:31 8273 --a------ C:\Dokumente und Einstellungen\Weidlinger\Anwendungsdaten\Microsoft Excel.JNL<MICROS~1.JNL>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"itype"="\"C:\\Programme\\Microsoft IntelliType Pro\\itype.exe\""
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"MedionVFD"="\"C:\\Programme\\Medion Info Display\\MdionLCM.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\siklhetb.dll\",realset"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Reminder"="C:\\Programme\\Microsoft Money\\System\\reminder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"Share-to-Web Namespace Daemon"="C:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"CnOServerLauncher"="CNOServerLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{66020456-CB22-487F-AC2C-09F6417C55B3}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrppqn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



-- End of ComboScan: finished at 2007-04-30 at 10:18:28 ------------------------
-----------------------------------------------------
ComboScan Supplementary-log:

ComboScan v20070306.20 run by Weidlinger on 2007-04-30 at 10:17:37
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1022.42 MiB / 442.38 MiB
Pagefile Memory (total/avail): 2460.77 MiB / 1957.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1990.73 MiB

C: is Fixed (NTFS) - 85.32 GiB total, 58.88 GiB free.
D: is Fixed (NTFS) - 107.42 GiB total, 77.42 GiB free.
E: is Fixed (NTFS) - 87.89 GiB total, 69.29 GiB free.
F: is Fixed (NTFS) - 45.38 GiB total, 28.07 GiB free.
G: is Fixed (FAT32) - 9.32 GiB total, 4.38 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Fixed (NTFS) - 39.06 GiB total, 16.83 GiB free.
N: is Fixed (NTFS) - 48.83 GiB total, 1.13 GiB free.
O: is Fixed (NTFS) - 145 GiB total, 6.28 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Kaspersky Anti-Hacker v1.8.0.180 (Kaspersky Lab)
AV: Kaspersky Anti-Virus Personal Pro v5.0.376 (Kaspersky Labs) Outdated


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Weidlinger\Anwendungsdaten
CLASSPATH=C:\Programme\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=WEI03
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Weidlinger
LOGONSERVER=\\WEI03
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Programme\QuickTime\QTSystem\;;C:\PROGRA~1\GEMEIN~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\WEIDLI~1\LOKALE~1\Temp
TMP=C:\DOKUME~1\WEIDLI~1\LOKALE~1\Temp
USERDOMAIN=WEI03
USERNAME=Weidlinger
USERPROFILE=C:\Dokumente und Einstellungen\Weidlinger
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Weidlinger (admin)
Ferdinand
Renate
Administrator (admin)
Gast (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetw
30.04.2007, 12:43
Moderator

Posts: 7805
#2 Combofix is still missing.........
__________
Kind regards, Ralf
SEO-Spam Hunter
30.04.2007, 14:25
...new here

Thread starter

Posts: 6
#3 Hi Ralf,
apparently the logs were cut off, so I am adding them here again
(hoping that this time everything makes it through, up to the last log (DatFind - C:)).


ComboScan - supplementary log:

ComboScan v20070306.20 run by Weidlinger on 2007-04-30 at 10:17:37
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1022.42 MiB / 442.38 MiB
Pagefile Memory (total/avail): 2460.77 MiB / 1957.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1990.73 MiB

C: is Fixed (NTFS) - 85.32 GiB total, 58.88 GiB free.
D: is Fixed (NTFS) - 107.42 GiB total, 77.42 GiB free.
E: is Fixed (NTFS) - 87.89 GiB total, 69.29 GiB free.
F: is Fixed (NTFS) - 45.38 GiB total, 28.07 GiB free.
G: is Fixed (FAT32) - 9.32 GiB total, 4.38 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Fixed (NTFS) - 39.06 GiB total, 16.83 GiB free.
N: is Fixed (NTFS) - 48.83 GiB total, 1.13 GiB free.
O: is Fixed (NTFS) - 145 GiB total, 6.28 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Kaspersky Anti-Hacker v1.8.0.180 (Kaspersky Lab)
AV: Kaspersky Anti-Virus Personal Pro v5.0.376 (Kaspersky Labs) [COLOR=RED]Outdated[/COLOR]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Weidlinger\Anwendungsdaten
CLASSPATH=C:\Programme\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=WEI03
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Weidlinger
LOGONSERVER=\\WEI03
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Programme\QuickTime\QTSystem\;;C:\PROGRA~1\GEMEIN~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\WEIDLI~1\LOKALE~1\Temp
TMP=C:\DOKUME~1\WEIDLI~1\LOKALE~1\Temp
USERDOMAIN=WEI03
USERNAME=Weidlinger
USERPROFILE=C:\Dokumente und Einstellungen\Weidlinger
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Weidlinger (admin)
Ferdinand
Renate
Administrator (admin)
Gast (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /X{C0B88772-EACC-4F69-9F77-59A4894CF170}
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACD VideoMagic --> MsiExec.exe /X{D68FEDDE-6FCE-4A30-90FF-EA523DB4C8D3}
ACDSee 6.0 PowerPack --> MsiExec.exe /I{8E9FFE4C-FC95-4079-86CE-EDFC642DFDC9}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70900000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Avery Zweckform DesignPro 2000 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
C-Media Card Reader Driver USB2.0 --> C:\WINDOWS\system32\CmUCRRm.exe
C-Media USB2.0 Card Reader --> C:\WINDOWS\CmiUCRUninstall.exe C:\Programme\C-Media USB2.0 Card Reader
Canon LBP5000 --> C:\Programme\Canon\PrnUninstall\Canon LBP5000\CNAC4UN.EXE
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Programme\Codec Pack - All In 1\irunin.ini"
Creatix V.92 Data Fax Modem --> agrsmdel
DivX Codec --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Programme\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVBPortal HDTVPump Filter and Plugin --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\hdtvpump.inf,DefaultUninstall
Geogrid® - Viewer V1.1 --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\Geogrid-Viewer\Uninst.isu
HEROLD Telefon CD Home --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{04D87603-0F33-4EA8-A1FE-19BFAB3872C0}
HijackThis 1.99.1 --> D:\Virus\HiJack\HijackThis.exe /uninstall
Hollywood FX 5.5 Additional Effects --> C:\WINDOWS\unvise32.exe C:\Programme\Pinnacle\Hollywood FX for Studio\5.5\unextralog
Hollywood FX Pack 26 - Extra FX --> C:\WINDOWS\unvise32.exe C:\WINDOWS\unextrafx.log
Hotfix für Windows XP (KB889527) --> "C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB893357) --> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB898900) --> "C:\WINDOWS\$NtUninstallKB898900$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB903234) --> "C:\WINDOWS\$NtUninstallKB903234$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB904412) --> "C:\WINDOWS\$NtUninstallKB904412$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB907865) --> "C:\WINDOWS\$NtUninstallKB907865$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB913296) --> "C:\WINDOWS\$NtUninstallKB913296$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB913538) --> "C:\WINDOWS\$NtUninstallKB913538$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB914841) --> "C:\WINDOWS\$NtUninstallKB914841$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Fotodruck-Programm --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Programme\Hewlett-Packard\Photo Printing\hpiunPC.dll
hp officejet d series - 2 --> C:\WINDOWS\system32\hpocon09.exe /u 1142753889 /d "hp officejet d series"
HP Share-to-Web --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l7
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Hacker --> "C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\uninstall.exe"
Kaspersky Anti-Virus Personal Pro --> "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\uninstall.exe"
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
LightScribe Diagnostic Utility --> MsiExec.exe /X{90C1F682-9F40-42EC-BBE0-D2A1A4987E1B}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x7 UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Medion Info Display --> C:\WINDOWS\UnInst32.exe VFDUtil.uni
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft AutoRoute 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}
Microsoft Baseline Security Analyzer 2.0 --> MsiExec.exe /I{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2006 Enzyklopädie Standard --> MsiExec.exe /I{06100048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Foto 2006 Standard Edition --> "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Money 99 --> C:\Programme\Microsoft Money\setup\setup.exe
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40407-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint 2003 Template Pack 2 --> MsiExec.exe /I{90AC0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint 2003 Template Pack 3 --> MsiExec.exe /I{90AD0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Outlook-Sicherung für Persönliche Ordner --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Producer für Microsoft Office PowerPoint 2003 --> MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-15E08F691031}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
ODBC --> C:\WINDOWS\IsUninst.exe -fC:\Programme\ODBC-DAO-RDO\ODBC\Uninst.isu -cC:\Programme\ODBC-DAO-RDO\ODBC\_UNODBC.DLL
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Pinnacle Hollywood FX 5 --> C:\WINDOWS\unvise32.exe C:\Programme\Pinnacle\Hollywood FX 5\uninstal.log
Pinnacle Hollywood FX for Studio --> C:\WINDOWS\unvise32.exe C:\Programme\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Pixie registration fix --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8ACE0437-ABC8-42EE-A165-D5ADD81A1BD3}\setup.exe" -l0x9
PowerCinema --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
PowerDirector --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
proDAD Heroglyph 1.0 --> "C:\Programme\proDAD\Heroglyph-1.0\uninstall.exe" uninstall spcp
progeCAD LT 2006 SP1 --> C:\PROGRA~1\PROGES~1\PROGEC~1\UNWISE.EXE C:\PROGRA~1\PROGES~1\PROGEC~1\install.log
ProSaldo E/A 1.5 --> "C:\Programme\ProSaldo EA\unins000.exe"
QuickTime --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1031
Railroad Tycoon II - Platinum --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C7E9FB5B-626B-49D9-A99C-7BFA63C222D3}\setup.exe"
RealArcade --> C:\Programme\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x7 REMOVE
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
REALVIZ StitcherEZ ACD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2EDC0C39-9F9F-461F-9C43-3D51B58B4C87}\Setup.exe" -l0x7 UNINSTALL
RegCure 1.3.0.2 --> C:\Programme\RegCure\uninst.exe
RT2500 USB Wireless LAN Card --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x7 -removeonly
Schachermayer Warenkorb 1.8 --> C:\WINDOWS\st6unst.exe -n "c:\glink\ST6UNST.LOG"
SEMC DSS SyncStation Driver --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Setup-Start von Microsoft Works Suite 2006 --> C:\Programme\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP F:\MS Works Suite 2006\
Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Ericsson Image Editor --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{05E9F134-07C9-4249-9B80-EE5D975F201B}\Setup.exe" -l0x9 -l0009 --remove=y
Sony Ericsson MMS Home Studio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9462C4AD-D6C4-4365-B4AD-BFE0B1E216C3}\Setup.exe" -l0x7 -l0007 --remove=y
Sony Ericsson PC Suite 3.2.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC18114B-05A0-11D6-8140-000102E745A6}\Setup.exe" -l0x7
Studio 9 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x7 UNINSTALL
Studio 9 Content CD/DVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x7 UNINSTALL
Studio 9.4 Patch --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x7 UNINSTALL
Tropico Demo --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7D9F6ED8-7EBC-4A11-A83E-9F25AF4F2A40}\Setup.exe"
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB896427) --> "C:\WINDOWS\$NtUninstallKB896427$\spuninst\spuninst.exe"
Update für Windows XP (KB897663) --> "C:\WINDOWS\$NtUninstallKB897663$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB907265) --> "C:\WINDOWS\$NtUninstallKB907265$\spuninst\spuninst.exe"
Update für Windows XP (KB908521) --> "C:\WINDOWS\$NtUninstallKB908521$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update Service --> "C:\Programme\Sony Ericsson\Update Service\Uninstall Update Service\Uninstall Update Service.exe"
videon --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x7
VP6 VFW Codec --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A23866A0-738B-4091-9924-0B0DE3988A15}\Setup.exe" -l0x9
Windows-Desktopsuche --> "C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB319740 --> "C:\WINDOWS\$NtUninstallKB319740$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB873339 --> "C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB884883 --> "C:\WINDOWS\$NtUninstallKB884883$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885222 --> "C:\WINDOWS\$NtUninstallKB885222$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885626 --> "C:\WINDOWS\$NtUninstallKB885626$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885835 --> "C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885836 --> "C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885894 --> "C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB886677 --> "C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB886716 --> "C:\WINDOWS\$NtUninstallKB886716$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB887472 --> "C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB887742 --> "C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB888113 --> "C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB888302 --> "C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB889016 --> "C:\WINDOWS\$NtUninstallKB889016$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB889673 --> "C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB890831 --> "C:\WINDOWS\$NtUninstallKB890831$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> "C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB896626 --> "C:\WINDOWS\$NtUninstallKB896626$\spuninst\spuninst.exe"
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
WinZip --> "C:\Programme\WinZip9\WINZIP32.EXE" /uninstall
WinZip Companion for Outlook --> "C:\Programme\WinZip Companion for Outlook\uninst.exe"
WinZip Self-Extractor --> "C:\Programme\WinZip Self-Extractor\wzipse32.exe" -uninstall
X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log


-- End of ComboScan: finished at 2007-04-30 at 10:18:28 ------------------------

-------------------------------------------------
CleanUp: no log file


--------------------------------------------------
ComboFix:

"Weidlinger" - 07-04-30 10:52:38 Service Pack 2
ComboFix 07-04-25.4V - Running from: "D:\Virus\ComboFix\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\hbjvlvwg.dll
C:\WINDOWS\system32\mprgnbfh.dll
C:\WINDOWS\system32\ukhkjtrc.dll
C:\WINDOWS\system32\yiqwdcgt.dll
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\rqrppqn.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\DOWNLO~1.\Quarantine\ppqdb.dat
C:\WINDOWS\DOWNLO~1.\Quarantine\ppqsdb.dat
C:\WINDOWS\DOWNLO~1.\Quarantine


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


2007-04-30 10:09 <DIR> d-------- C:\avenger
2007-04-30 07:03 570,826 ---hs---- C:\WINDOWS\system32\orutv.bak1
2007-04-30 07:03 284,244 --------- C:\WINDOWS\system32\vturo.dll
2007-04-29 23:58 353 ---hs---- C:\WINDOWS\system32\vybeg.ini2
2007-04-29 19:47 <DIR> d-------- C:\Programme\HiJack
2007-04-29 19:32 <DIR> d-------- C:\Programme\RegCure
2007-04-28 07:10 284,244 --a------ C:\WINDOWS\system32\mlljg.dll
2007-04-26 08:33 132,660 --a------ C:\WINDOWS\system32\siklhetb.dll
2007-04-26 00:47 132,660 --a------ C:\WINDOWS\system32\viehlipb.dll
2007-04-26 00:42 132,660 --a------ C:\WINDOWS\system32\fjwfqcam.dll
2007-04-25 23:56 132,660 --a------ C:\WINDOWS\system32\akehlhck.dll
2007-04-25 23:50 132,660 --a------ C:\WINDOWS\system32\iffrvhut.dll
2007-04-25 18:05 132,660 --a------ C:\WINDOWS\system32\inrgitfp.dll
2007-04-23 23:31 353 ---hs---- C:\WINDOWS\system32\qstwa.ini2
2007-04-23 17:07 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\LightScribe
2007-04-23 17:06 <DIR> d-------- C:\Programme\LightScribe Diagnostic Utility
2007-04-23 16:48 <DIR> d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2007-04-05 23:13 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Logitech
2007-04-05 23:12 <DIR> d-------- C:\DOKUME~1\WEIDLI~1\ANWEND~1\Logitech
2007-04-05 23:06 71,680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-04-05 23:06 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-04-05 23:06 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-04-05 23:06 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-04-05 23:06 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-04-05 23:06 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-04-05 23:06 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-04-05 23:06 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-04-05 23:06 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-04-05 23:05 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-04-05 23:05 27,264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-04-05 23:05 <DIR> d-------- C:\Programme\Logitech
2007-04-05 23:05 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Logitech
2007-04-05 22:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-30 00:29 -------- d-------- C:\Programme\microsoft money
2007-04-30 00:21 -------- d-------- C:\Programme\tuneup utilities 2006
2007-04-26 00:46 -------- d-------- C:\Programme\windows live toolbar
2007-04-25 23:55 499532 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-25 23:55 101154 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-19 16:50 -------- d-------- C:\Programme\designpro 2000
2007-04-05 23:06 -------- d--h----- C:\Programme\installshield installation information
2007-03-18 13:33 -------- d-------- C:\Programme\railroad tycoon ii - platinum
2007-03-18 12:08 -------- d-------- C:\Programme\tropico demo
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-04 20:40 8273 --a------ C:\DOKUME~1\WEIDLI~1\ANWEND~1\microsoft excel.jnl


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F85D76C-0569-466F-A488-493E6BD0E955} C:\Programme\Windows Desktop Search\dsWebAllow.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
{CD49E158-9CC2-47AA-8E6D-610E1FA494C2} C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"itype"="\"C:\\Programme\\Microsoft IntelliType Pro\\itype.exe\""
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"MedionVFD"="\"C:\\Programme\\Medion Info Display\\MdionLCM.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\siklhetb.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Reminder"="C:\\Programme\\Microsoft Money\\System\\reminder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"Share-to-Web Namespace Daemon"="C:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"CnOServerLauncher"="CNOServerLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070430-095610-939
O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll
backup-20070430-095610-688
O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll
backup-20070430-095429-851
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yiqwdcgt.dll
backup-20070430-095429-196
O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll
backup-20070430-095429-905
O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 11:02:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-30 11:02:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-30 11:02


----------------------------------------------------------
ComboFix - quarantined:


06-07-20 08:05      32    --a------    C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\Quarantine\ppqdb.dat.vir
06-07-20 08:05      32    --a------    C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\Quarantine\ppqsdb.dat.vir
07-04-22 15:36      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrppqn.dll.vir
07-04-22 15:45      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mprgnbfh.dll.vir
07-04-23 17:17      281172    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pmkji.dll.vir
07-04-23 17:17      353    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkmp.ini.vir
07-04-28 10:10      284244    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqpo.dll.vir
07-04-28 13:10      284244    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddayy.dll.vir
07-04-28 15:10      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\yiqwdcgt.dll.vir
07-04-30 09:55      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hbjvlvwg.dll.vir
07-04-30 09:59      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ukhkjtrc.dll.vir


Auflistung der Ordnerpfade für Volume SYSTEM
Volumenummer: 2829-A5AE
C:\QOOBOX
\---Quarantine
    +---C
    |   \---WINDOWS
    |       +---DOWNLO~1
    |       |   \---Quarantine
    |       |           ppqdb.dat.vir
    |       |           ppqsdb.dat.vir
    |       |          
    |       \---system32
    |               ddayy.dll.vir
    |               hbjvlvwg.dll.vir
    |               ijkmp.ini.vir
    |               mprgnbfh.dll.vir
    |               pmkji.dll.vir
    |               rqrppqn.dll.vir
    |               ssqpo.dll.vir
    |               ukhkjtrc.dll.vir
    |               yiqwdcgt.dll.vir
    |              
    \---Registry_backups
----------------------------------------------------------
DatFind - system32:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 2829-A5AE

Verzeichnis von C:\WINDOWS\system32

30.04.2007 11:13 571.187 orutv.ini
30.04.2007 11:09 49.204 doctwqxc.dll
30.04.2007 11:09 570.866 orutv.bak1
30.04.2007 11:04 49.204 ysvummtf.dll
30.04.2007 10:59 1.364 btehlkis.ini
30.04.2007 10:58 39.355 nvapps.xml
30.04.2007 10:57 13.646 wpa.dbl
30.04.2007 07:03 284.244 vturo.dll
30.04.2007 00:15 353 vybeg.ini2
29.04.2007 23:52 572.773 vybeg.tmp
29.04.2007 18:18 353 gfhkj.ini
29.04.2007 16:57 353 yycdd.ini
28.04.2007 17:15 353 yccdd.ini
28.04.2007 07:10 284.244 mlljg.dll
27.04.2007 00:54 353 wvvwa.ini
26.04.2007 08:33 132.660 siklhetb.dll
26.04.2007 00:47 344 bpilheiv.ini
26.04.2007 00:47 132.660 viehlipb.dll
26.04.2007 00:42 344 macqfwjf.ini
26.04.2007 00:42 132.660 fjwfqcam.dll
25.04.2007 23:56 344 kchlheka.ini
25.04.2007 23:56 132.660 akehlhck.dll
25.04.2007 23:55 85.856 perfc009.dat
25.04.2007 23:55 470.640 perfh009.dat
25.04.2007 23:55 101.154 perfc007.dat
25.04.2007 23:55 499.532 perfh007.dat
25.04.2007 23:55 1.172.334 PerfStringBackup.INI
25.04.2007 23:50 294 tuhvrffi.ini
25.04.2007 23:50 132.660 iffrvhut.dll
25.04.2007 18:05 1.304 pftigrni.ini
25.04.2007 18:05 132.660 inrgitfp.dll
25.04.2007 12:25 1.512.718 khlvxtta.ini
25.04.2007 00:13 353 prutv.ini
24.04.2007 07:44 353 qstwa.ini2
23.04.2007 23:31 475.672 qstwa.tmp
23.04.2007 20:48 353 ijllm.ini
23.04.2007 15:49 353 cdeeg.ini
10.04.2007 06:45 4.043 jupdate-1.6.0_01-b06.log
04.04.2007 00:33 331.480 FNTCACHE.DAT
03.04.2007 22:48 13.511.640 MRT.exe
02.04.2007 14:21 428.032 swreg.exe
02.04.2007 08:36 546.304 hhctrl.ocx
17.03.2007 15:44 293.376 winsrv.dll
14.03.2007 02:04 69.632 javacpl.cpl
14.03.2007 02:04 139.264 javaws.exe
14.03.2007 00:31 135.168 javaw.exe
14.03.2007 00:31 135.168 java.exe
09.03.2007 13:51 270.336 xpsp3res.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:32 1.843.712 win32k.sys
28.02.2007 18:02 2.138.624 ntoskrnl.exe
28.02.2007 18:02 2.018.304 ntkrnlpa.exe
15.02.2007 19:01 337.280 WgaTray.exe
15.02.2007 19:01 1.476.992 LegitCheckControl.dll
15.02.2007 19:00 236.928 WgaLogon.dll
15.02.2007 02:24 118.934 TZLog.log
05.02.2007 22:18 185.856 upnphost.dll
29.01.2007 10:58 60.416 tzchange.exe
12.01.2007 10:27 670.720 mstime.dll
12.01.2007 10:27 27.136 jsproxy.dll
12.01.2007 10:27 232.960 webcheck.dll
12.01.2007 10:27 132.608 extmgr.dll
12.01.2007 10:27 3.580.416 mshtml.dll
12.01.2007 10:27 477.696 mshtmled.dll
12.01.2007 10:27 6.054.400 ieframe.dll
12.01.2007 10:27 1.149.952 urlmon.dll
12.01.2007 10:27 458.752 msfeeds.dll
12.01.2007 10:27 822.784 wininet.dll
12.01.2007 10:27 51.712 msfeedsbs.dll
11.01.2007 08:14 9.132 jupdate-1.5.0_10-b03.log
10.01.2007 18:42 1.040.384 ieframe.dll.mui
08.01.2007 20:04 105.984 url.dll
08.01.2007 20:04 102.400 occache.dll
08.01.2007 20:03 193.024 msrating.dll
08.01.2007 20:02 1.823.744 inetcpl.cpl
08.01.2007 20:02 44.544 iernonce.dll
08.01.2007 20:02 266.752 iertutil.dll
08.01.2007 20:02 384.000 iedkcs32.dll
08.01.2007 20:02 153.088 ieakeng.dll
08.01.2007 20:02 230.400 ieaksie.dll
08.01.2007 20:02 161.792 ieakui.dll
08.01.2007 20:02 383.488 ieapfltr.dll
08.01.2007 20:01 17.408 corpol.dll
08.01.2007 20:00 124.928 advpack.dll
08.01.2007 19:08 56.832 ie4uinit.exe
08.01.2007 19:08 13.824 ieudinit.exe
19.12.2006 23:49 135.168 shsvcs.dll
19.12.2006 23:49 8.494.592 shell32.dll
19.12.2006 20:17 334.336 wiaservc.dll
10.12.2006 08:05 16.832 amcompat.tlb
10.12.2006 08:05 23.392 nscompat.tlb
04.12.2006 16:21 414.720 msscp.dll
01.12.2006 05:20 212.480 swxcacls.exe
29.11.2006 17:21 370.688 swsc.exe
27.11.2006 16:54 539.136 msftedit.dll
27.11.2006 16:54 433.152 riched20.dll
27.11.2006 02:34 49.152 vfind.exe
17.11.2006 19:53 12.288 advpack.dll.mui
17.11.2006 16:14 16.176 spmsg.dll
15.11.2006 23:01 4.276 divxsm.tlb
15.11.2006 23:01 520.192 DivXsm.exe
15.11.2006 23:01 10.863 dsm_ja.qm
15.11.2006 23:01 15.507 dsm_de.qm
15.11.2006 23:01 15.299 dsm_fr.qm
15.11.2006 23:01 3.596.288 qt-dx331.dll
15.11.2006 23:01 183.032 pxmas.dll
15.11.2006 23:01 68.344 pxhpinst.exe
15.11.2006 23:01 379.640 pxwave.dll
15.11.2006 23:01 486.136 pxdrv.dll
15.11.2006 23:01 115.960 pxcpyi64.exe
15.11.2006 23:01 116.984 pxinsi64.exe
15.11.2006 23:01 523.000 px.dll
15.11.2006 23:01 64.248 pxcpya64.exe
15.11.2006 23:01 63.736 pxinsa64.exe
15.11.2006 23:01 39.672 vxblock.dll
15.11.2006 23:01 1.044.480 libdivx.dll
15.11.2006 23:01 200.704 ssldivx.dll
15.11.2006 22:56 73.728 dpl100.dll
15.11.2006 22:56 196.608 dtu100.dll
15.11.2006 22:56 53.248 dpuGUI10.dll
15.11.2006 22:56 593.920 dpuGUI11.dll
15.11.2006 22:56 344.064 dpus11.dll
15.11.2006 22:56 57.344 dpv11.dll
15.11.2006 22:56 294.912 dpu11.dll
15.11.2006 22:56 294.912 dpu10.dll
15.11.2006 22:56 806.912 divx_xx07.dll
15.11.2006 22:56 806.912 divx_xx0c.dll
15.11.2006 22:56 790.528 divx_xx11.dll
15.11.2006 22:56 635.486 DivX.dll
15.11.2006 22:37 704.512 divxdec.ax
15.11.2006 22:36 12.288 DivXWMPExtType.dll
15.11.2006 22:36 118.784 DivXCodecUpdateChecker.exe
15.11.2006 22:36 8.523 dpude.qm
15.11.2006 22:36 3.136 dtu_de.qm
09.11.2006 10:18 8.833 jupdate-1.5.0_09-b03.log
08.11.2006 07:06 679.424 inetcomm.dll
07.11.2006 22:03 156.160 msls31.dll
07.11.2006 22:03 180.736 ieui.dll
07.11.2006 22:03 191.488 iepeers.dll
07.11.2006 22:03 413.696 vbscript.dll
07.11.2006 04:26 71.680 admparse.dll
07.11.2006 04:26 55.296 iesetup.dll
07.11.2006 04:26 92.672 inseng.dll
07.11.2006 04:24 56.483 ieuinit.inf
04.11.2006 15:14 1.245.696 msxml4.dll
03.11.2006 11:02 8.282.112 wmploc.dll
03.11.2006 10:56 99.840 wmpshell.dll
03.11.2006 10:55 275.968 wmerror.dll
03.11.2006 10:54 8.192 asferror.dll
02.11.2006 12:51 43.008 wpdshextres.dll
01.11.2006 21:17 927.504 mfc40u.dll
23.10.2006 17:34 1.497.600 shdocvw.dll
23.10.2006 17:34 474.624 shlwapi.dll
23.10.2006 17:34 1.056.256 danim.dll
23.10.2006 17:34 1.022.976 browseui.dll
23.10.2006 17:34 152.064 cdfview.dll
20.10.2006 03:38 715.776 sxs.dll
18.10.2006 22:58 8.704 wdfmgr.exe
18.10.2006 22:58 8.704 uwdf.exe
18.10.2006 22:47 2.603.008 WpdShext.dll
18.10.2006 22:47 629.760 wpd_ci.dll
18.10.2006 22:47 154.624 wpdmtp.dll
18.10.2006 22:47 356.352 wpdsp.dll
18.10.2006 22:47 4.096 wmsdmod.dll
18.10.2006 22:47 35.840 wpdconns.dll
18.10.2006 22:47 133.632 WPDShServiceObj.dll
18.10.2006 22:47 656.896 WMVXENCD.dll
18.10.2006 22:47 767.488 WMVSENCD.dll
18.10.2006 22:47 2.450.944 SET2B4.tmp
18.10.2006 22:47 4.096 wmsdmoe2.dll
18.10.2006 22:47 4.096 WMVADVD.dll
18.10.2006 22:47 4.096 WMVADVE.DLL
18.10.2006 22:47 2.450.944 wmvcore.dll
18.10.2006 22:47 603.648 WMSPDMOD.dll
18.10.2006 22:47 1.543.680 WMVDECOD.dll
18.10.2006 22:47 63.488 wpdmtpus.dll
18.10.2006 22:47 4.096 wmvdmod.dll
18.10.2006 22:47 4.096 wmvdmoe2.dll
18.10.2006 22:47 1.574.912 WMVENCOD.dll
18.10.2006 22:47 4.096 SET2B6.tmp
18.10.2006 22:47 1.382.912 WMVSDECD.dll
18.10.2006 22:47 1.329.152 WMSPDMOE.dll
18.10.2006 22:47 348.672 wmdrmnet.dll
18.10.2006 22:47 937.984 WMNetMgr.dll
18.10.2006 22:47 10.834.432 wmp.dll
18.10.2006 22:47 242.688 wmpasf.dll
18.10.2006 22:47 314.880 wmpdxm.dll
18.10.2006 22:47 1.661.440 wmpencen.dll
18.10.2006 22:47 157.184 wmidx.dll
18.10.2006 22:47 295.936 wmpeffects.dll
18.10.2006 22:47 204.288 wmpsrcwp.dll
18.10.2006 22:47 130.048 wmpps.dll
18.10.2006 22:47 535.040 wmdrmsdk.dll
18.10.2006 22:47 613.376 wmpmde.dll
18.10.2006 22:47 37.376 wmdmps.dll
18.10.2006 22:47 33.792 wmdmlog.dll
18.10.2006 22:47 222.208 wmasf.dll
18.10.2006 22:47 1.117.696 WMADMOE.dll
18.10.2006 22:47 757.248 WMADMOD.dll
18.10.2006 22:47 284.160 PortableDeviceApi.dll
18.10.2006 22:47 101.888 PortableDeviceClassExtension.dll
18.10.2006 22:47 166.912 PortableDeviceTypes.dll
18.10.2006 22:47 132.096 PortableDeviceWiaCompat.dll
18.10.2006 22:47 199.168 PortableDeviceWMDRM.dll
18.10.2006 22:47 4.096 wdfapi.dll
18.10.2006 22:47 222.208 SET2A8.tmp
18.10.2006 22:47 429.056 wmdrmdev.dll
18.10.2006 22:47 211.456 SET2A5.tmp
18.10.2006 22:47 321.536 mswmdm.dll
18.10.2006 22:47 27.136 mspmsnsv.dll
18.10.2006 22:47 179.712 msnetobj.dll
18.10.2006 22:47 175.616 mspmsp.dll
18.10.2006 22:47 11.264 LAPRXY.dll
18.10.2006 22:47 4.096 MP4SDMOD.dll
18.10.2006 22:47 259.072 MPG4DECD.dll
18.10.2006 22:47 4.096 MPG4DMOD.dll
18.10.2006 22:47 212.992 MFPLAT.dll
18.10.2006 22:47 4.096 MP43DMOD.dll
18.10.2006 22:47 259.072 MP43DECD.dll
18.10.2006 22:47 317.440 MP4SDECD.dll
18.10.2006 22:47 229.376 cewmdm.dll
18.10.2006 22:47 542.720 blackbox.dll
18.10.2006 22:47 991.744 drmv2clt.dll
18.10.2006 22:47 276.992 SET2C1.tmp
18.10.2006 21:05 232.448 l3codecp.acm
18.10.2006 21:03 100.864 logagent.exe
18.10.2006 21:00 249.856 drmupgds.exe
18.10.2006 21:00 17.408 wpdshextautoplay.exe
17.10.2006 13:06 443.904 html.iec
17.10.2006 13:06 78.336 ieencode.dll
17.10.2006 13:05 206.336 WinFXDocObj.exe
17.10.2006 13:05 40.960 licmgr10.dll
17.10.2006 13:00 491.520 jscript.dll
17.10.2006 12:58 12.288 msfeedssync.exe
17.10.2006 12:58 61.952 icardie.dll
17.10.2006 12:58 44.544 pngfilt.dll
17.10.2006 12:58 346.624 dxtmsft.dll
17.10.2006 12:57 36.352 imgutil.dll
17.10.2006 12:57 214.528 dxtrans.dll
17.10.2006 12:56 45.568 mshta.exe
17.10.2006 12:55 66.560 tdc.ocx
17.10.2006 12:28 48.128 mshtmler.dll
17.10.2006 12:19 1.383.424 mshtml.tlb
16.10.2006 18:15 126.976 oledlg.dll
14.10.2006 10:13 981.760 mfc42u.dll
13.10.2006 14:35 64.000 nwapi32.dll
13.10.2006 14:35 65.536 nwwks.dll
13.10.2006 14:35 146.432 nwprovau.dll
02.10.2006 18:58 24.072 uxtuneup.dll
02.10.2006 16:28 312.128 msdelta.dll
28.09.2006 21:13 95.344 WUDFCoinstaller.dll
28.09.2006 19:56 146.432 WudfHost.exe
28.09.2006 19:56 316.416 WUDFx.dll
28.09.2006 19:56 165.376 WudfPlatform.dll
28.09.2006 19:56 55.808 WudfSvc.dll
25.09.2006 18:58 23.856 spupdsvc.exe
23.09.2006 13:12 82.428 IE7Eula.rtf
17.09.2006 02:28 2.277.888 TUKernel.exe
13.09.2006 07:02 1.084.416 msxml3.dll
09.09.2006 10:49 7.085 jupdate-1.5.0_06-b05.log
06.09.2006 00:01 2.451.824 ieapfltr.dat
01.09.2006 08:44 8.798 icrav03.rat
01.09.2006 08:44 1.988 ticrf.rat
25.08.2006 17:46 617.472 comctl32.dll
24.08.2006 14:19 246.814 strmdll.dll
24.08.2006 14:17 500.278 dxmasf.dll
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
17.08.2006 14:41 337.408 netapi32.dll
17.08.2006 14:41 132.096 wkssvc.dll
17.08.2006 14:41 734.208 lsasrv.dll
16.08.2006 13:58 100.352 6to4svc.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:51 121.856 xmllite.dll
05.07.2006 12:55 1.057.792 kernel32.dll
30.06.2006 00:13 53.248 KemXML.dll
30.06.2006 00:13 155.648 kemutb.dll
30.06.2006 00:13 110.592 KemWnd.dll
30.06.2006 00:12 126.976 KemUtil.dll
29.06.2006 09:05 26.112 idndl.dll
29.06.2006 09:05 23.552 normaliz.dll
28.06.2006 18:59 24.576 nlsdl.dll
26.06.2006 19:40 8.192 rasadhlp.dll
26.06.2006 19:40 148.480 dnsapi.dll
26.06.2006 15:21 176.167 rmoc3260.dll
26.06.2006 15:21 5.632 pndx5032.dll
26.06.2006 15:21 6.656 pndx5016.dll
26.06.2006 15:21 278.528 pncrt.dll
22.06.2006 07:06 1.441.792 query.dll
22.06.2006 07:06 69.120 ciodm.dll
08.06.2006 13:06 45.794 normnfc.nls
08.06.2006 13:06 39.284 normnfd.nls
08.06.2006 13:06 60.294 normnfkd.nls
08.06.2006 13:06 59.342 normidna.nls
08.06.2006 13:06 66.384 normnfkc.nls
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
19.05.2006 15:09 112.128 dhcpcsvc.dll
19.05.2006 15:09 95.744 iphlpapi.dll
14.05.2006 10:48 181.248 rasmans.dll
10.05.2006 23:09 664 d3d9caps.dat
10.05.2006 19:38 288 $winnt$.inf
10.05.2006 19:33 488 logonui.exe.manifest
10.05.2006 19:33 488 WindowsLogon.manifest
10.05.2006 19:33 749 cdplayer.exe.manifest
10.05.2006 19:33 749 ncpa.cpl.manifest
10.05.2006 19:33 749 wuaucpl.cpl.manifest
10.05.2006 19:33 749 nwc.cpl.manifest
10.05.2006 19:33 749 sapi.cpl.manifest
10.05.2006 19:32 26.264 emptyregdb.dat
11.04.2006 21:09 219.136 uxtheme.dll
11.04.2006 21:09 134.272 HAL.DLL
11.04.2006 21:09 61.440 mmcshext.dll
11.04.2006 21:09 33.792 mmcperf.exe
11.04.2006 21:09 1.916.928 mmcndmgr.dll
11.04.2006 21:09 106.496 mmcfxcommon.dll
11.04.2006 21:09 397.312 mmcex.dll
11.04.2006 21:09 169.984 mmcbase.dll
11.04.2006 21:09 184.320 microsoft.managementconsole.dll
11.04.2006 21:09 1.354.240 mmc.exe
11.04.2006 21:09 148.480 cic.dll
11.04.2006 21:09 28.672 verclsid.exe
11.04.2006 21:08 270.848 oakley.dll
06.04.2006 20:10 245.408 unicows.dll
06.04.2006 20:10 352.401 DivXMedia.ax
31.03.2006 12:40 2.388.176 d3dx9_30.dll
31.03.2006 11:03 307.200 CNOServer.exe
24.03.2006 06:37 49.152 wdigest.dll
18.03.2006 00:31 51.913 PCSuiteP80x.txt
12.03.2006 23:05 3.770 jupdate-1.5.0_04-b05.log
01.03.2006 21:43 66.560 mtxclu.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
01.03.2006 21:43 956.416 msdtctm.dll
01.03.2006 21:43 426.496 msdtcprx.dll
01.03.2006 21:43 11.776 xolehlp.dll
01.03.2006 21:43 91.136 mtxoci.dll
19.02.2006 10:22 8 DE6D0AF3E7.sys
19.02.2006 02:48 13.646 wpa.bak
18.02.2006 23:53 146.650 BuzzingBee.wav
18.02.2006 23:53 940.794 LoopyMusic.wav
18.02.2006 23:36 552 d3d8caps.dat
18.02.2006 23:13 2.951 CONFIG.NT
18.02.2006 23:05 0 h323log.txt
24.01.2006 01:17 621.272 mswstr10.dll
16.01.2006 20:49 838.360 mswdat10.dll
04.01.2006 05:35 68.096 webclnt.dll
04.01.2006 05:35 68.096 webclnt(2).dll
30.12.2005 21:16 77.824 xvid.ax
30.12.2005 21:10 761.856 xvidcore.dll
29.12.2005 04:54 280.064 gdi32(2).dll
19.12.2005 12:57 466.944 capicom.dll
14.12.2005 15:51 86.016 nvmctray.dll
14.12.2005 15:51 1.019.904 nvwimg.dll
14.12.2005 15:51 1.662.976 nvwdmcpl.dll
14.12.2005 15:51 466.944 nvshell.dll
14.12.2005 15:51 1.339.392 nvdspsch.exe
14.12.2005 15:51 442.368 nvappbar.exe
14.12.2005 15:51 16.356 nvdisp.nvu
14.12.2005 15:51 1.519.616 nwiz.exe
14.12.2005 15:51 5.394.432 nvoglnt.dll
14.12.2005 15:51 3.916.416 nv4_disp.dll
14.12.2005 15:51 90.112 nvapi.dll
14.12.2005 15:51 81.920 nvwddi.dll
14.12.2005 15:51 143.427 nvsvc32.exe
14.12.2005 15:51 1.466.368 nview.dll
14.12.2005 15:51 35.328 nvcod.dll
14.12.2005 15:51 7.323.648 nvcpl.dll
14.12.2005 15:51 35.328 nvcodins.dll
14.12.2005 15:51 73.728 nvtuicpl.cpl
08.12.2005 14:56 65.536 QuickTimeVR.qtx
08.12.2005 14:56 49.152 QuickTime.qts
05.12.2005 18:09 2.323.664 d3dx9_28.dll
11.11.2005 05:23 581.632 rpcrt4.dll
09.11.2005 00:26 38.400 moveex.exe
05.11.2005 05:16 606.208 urlmon(2).dll
29.10.2005 01:50 86.016 pintool.exe
29.10.2005 01:50 26.112 bcsprsrc.dll
29.10.2005 01:25 151.552 ifxcardm.dll
29.10.2005 01:25 133.120 axaltocm.dll
28.10.2005 22:54 198.144 _psisdecd.dll
28.10.2005 17:40 96.792 basecsp.dll
21.10.2005 05:40 664.064 wininet(2).dll
21.10.2005 05:40 474.112 shlwapi(2).dll
21.10.2005 00:25 1.094.144 esent(2).dll
21.10.2005 00:25 1.094.144 esent.dll
17.10.2005 23:20 118.272 t2embed.dll
17.10.2005 23:20 80.896 fontsub.dll
12.10.2005 15:44 241.664 CmUCREye.exe
06.10.2005 17:42 241.664 CmUCRRm.exe
06.10.2005 05:08 1.839.616 win32k(2).sys
23.09.2005 08:28 32.768 netfxperf.dll
23.09.2005 08:28 150.016 mscorier.dll
23.09.2005 08:28 74.240 mscories.dll
23.09.2005 08:28 270.848 mscoree.dll
23.09.2005 08:28 83.456 dfshim.dll
23.09.2005 05:06 8.491.520 shell32(2).dll
23.09.2005 00:21 3.076.096 nvdisps.dll
23.09.2005 00:21 73.728 nvcpl.cpl
23.09.2005 00:21 700.416 nvcplui.exe
23.09.2005 00:21 1.171.456 nvcpluir.dll
23.09.2005 00:21 139.264 nvmccss.dll
23.09.2005 00:21 311.296 nvexpbar.dll
23.09.2005 00:21 3.629.056 nvgames.dll
23.09.2005 00:21 385.024 nvmobls.dll
23.09.2005 00:21 180.224 nvudisp.exe
23.09.2005 00:21 2.314.240 nvvitvs.dll
22.09.2005 17:38 180.224 NVUNINST.EXE
21.09.2005 09:53 1.650.688 cdintf250.dll
19.09.2005 17:00 28.737 CNAC4LMK.DLL
19.09.2005 17:00 184.320 CNAC4EMU.DLL
19.09.2005 17:00 98.367 CNAC4SMK.DLL
19.09.2005 17:00 28.672 CNAC4PTU.DLL
19.09.2005 17:00 57.407 CNAC4RPK.EXE
15.09.2005 06:05 185.344 ipsecsvc.dll
12.09.2005 17:32 15.086 CmUCRXD1_dis.ico
12.09.2005 17:32 15.086 CmUCRXD1_en.ico
10.09.2005 03:54 2.067.968 cdosys.dll
01.09.2005 03:44 292.352 winsrv(2).dll
01.09.2005 03:44 19.968 linkinfo.dll
30.08.2005 05:55 1.292.800 quartz.dll
23.08.2005 05:39 124.416 umpnpmgr.dll
23.08.2005 05:39 124.416 umpnpmgr(2).dll
22.08.2005 20:31 197.632 netman(2).dll
22.08.2005 20:31 197.632 netman.dll
04.08.2005 03:47 80.896 firewall.cpl
26.07.2005 06:39 37.888 olecnv32.dll
26.07.2005 06:39 397.824 rpcss(2).dll
26.07.2005 06:39 74.752 olecli32.dll
26.07.2005 06:39 397.824 rpcss.dll
26.07.2005 06:39 101.376 txflog.dll
26.07.2005 06:39 1.285.120 ole32(2).dll
26.07.2005 06:39 1.285.120 ole32.dll
26.07.2005 06:39 66.560 mtxclu(2).dll
26.07.2005 06:39 540.160 comuid.dll
26.07.2005 06:39 243.200 es(2).dll
26.07.2005 06:39 243.200 es.dll
26.07.2005 06:39 1.267.200 comsvcs(2).dll
26.07.2005 06:39 1.267.200 comsvcs.dll
26.07.2005 06:39 97.792 comrepl.dll
26.07.2005 06:39 498.688 clbcatq.dll
26.07.2005 06:39 60.416 colbact.dll
26.07.2005 06:39 60.416 colbact(2).dll
26.07.2005 06:39 498.688 clbcatq(2).dll
26.07.2005 06:39 110.080 clbcatex.dll
26.07.2005 06:39 625.152 catsrvut.dll
26.07.2005 06:39 225.792 catsrv.dll
19.07.2005 04:47 55.808 twext.dll
16.07.2005 01:48 40.960 ChCfg.exe
13.07.2005 11:42 15.086 CmUCRXP_dis.ico
13.07.2005 11:41 15.086 CmUCRXP_en.ico
12.07.2005 19:04 23.304 GWFSPidGen.dll
11.07.2005 12:48 11.502 CmUCRSMS_dis.ico
11.07.2005 12:41 10.910 CmUCRSMS_en.ico
11.07.2005 12:29 11.502 CmUCRXD_dis.ico
11.07.2005 12:28 11.502 CmUCRXD_en.ico
11.07.2005 12:21 11.502 CmUCRSD_dis.ico
11.07.2005 12:20
02.05.2007, 22:41
...new here

Thread starter

Posts: 6
#4 Hello, dear protecus readers!
I have a guilty conscience: am I too impatient waiting for your help reply, have I forgotten something, or have I broken some (unknown) rules?
I would be very grateful for effective hints or instructions for removing the trojan.
Regards, Ferdinand
03.05.2007, 12:21
Moderator

Posts: 7805
#5 Please use vundofix: http://virus-protect.org/artikel/tools/vundofixx.html
and afterwards post the Vundofix report and a new Combofix log.
__________
Regards, Ralf
SEO-Spam Hunter
03.05.2007, 22:12
...new here

Thread starter

Posts: 6
#6 Thanks, Ralf,
the requested logs are further down here.

Note: since running Vundofix I get the following error message at startup
RUNDLL:
"Fehler beim Laden von C:\WINDOWS\system32\siklhetb.dll
Das angegebene Modul wurde nicht gefunden."
It keeps coming back at startup even after ComboFix.

Regards,
Ferdinand


Vundofix report (vundofix.txt):


VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 21:45:15 3.5.2007

Listing files found while scanning....

C:\WINDOWS\system32\akehlhck.dll
C:\WINDOWS\system32\bpilheiv.ini
C:\WINDOWS\system32\btehlkis.ini
C:\WINDOWS\system32\cdtlacim.dll
C:\WINDOWS\system32\ckykpdtt.dll
C:\WINDOWS\system32\doctwqxc.dll
C:\WINDOWS\system32\fjwfqcam.dll
C:\WINDOWS\system32\gmyfhfgs.dll
C:\WINDOWS\system32\hkblxqbm.dll
C:\WINDOWS\system32\iffrvhut.dll
C:\WINDOWS\system32\inrgitfp.dll
C:\WINDOWS\system32\jarelsws.dll
C:\WINDOWS\system32\kchlheka.ini
C:\WINDOWS\system32\kmdtdbbg.dll
C:\WINDOWS\system32\macqfwjf.ini
C:\WINDOWS\system32\mqcxhpod.dll
C:\WINDOWS\system32\nbchhlrw.dll
C:\WINDOWS\system32\obbclaal.dll
C:\WINDOWS\system32\pftigrni.ini
C:\WINDOWS\system32\qgyduloo.dll
C:\WINDOWS\system32\siklhetb.dll
C:\WINDOWS\system32\sojhcpog.dll
C:\WINDOWS\system32\tuhvrffi.ini
C:\WINDOWS\system32\viehlipb.dll
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\xunhlrim.dll
C:\WINDOWS\system32\ykxymghi.dll
C:\WINDOWS\system32\ysvummtf.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\akehlhck.dll
C:\WINDOWS\system32\akehlhck.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bpilheiv.ini
C:\WINDOWS\system32\bpilheiv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\btehlkis.ini
C:\WINDOWS\system32\btehlkis.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdtlacim.dll
C:\WINDOWS\system32\cdtlacim.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ckykpdtt.dll
C:\WINDOWS\system32\ckykpdtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\doctwqxc.dll
C:\WINDOWS\system32\doctwqxc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fjwfqcam.dll
C:\WINDOWS\system32\fjwfqcam.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gmyfhfgs.dll
C:\WINDOWS\system32\gmyfhfgs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkblxqbm.dll
C:\WINDOWS\system32\hkblxqbm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iffrvhut.dll
C:\WINDOWS\system32\iffrvhut.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\inrgitfp.dll
C:\WINDOWS\system32\inrgitfp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jarelsws.dll
C:\WINDOWS\system32\jarelsws.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kchlheka.ini
C:\WINDOWS\system32\kchlheka.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kmdtdbbg.dll
C:\WINDOWS\system32\kmdtdbbg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\macqfwjf.ini
C:\WINDOWS\system32\macqfwjf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mqcxhpod.dll
C:\WINDOWS\system32\mqcxhpod.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nbchhlrw.dll
C:\WINDOWS\system32\nbchhlrw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\obbclaal.dll
C:\WINDOWS\system32\obbclaal.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pftigrni.ini
C:\WINDOWS\system32\pftigrni.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qgyduloo.dll
C:\WINDOWS\system32\qgyduloo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\siklhetb.dll
C:\WINDOWS\system32\siklhetb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sojhcpog.dll
C:\WINDOWS\system32\sojhcpog.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuhvrffi.ini
C:\WINDOWS\system32\tuhvrffi.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\viehlipb.dll
C:\WINDOWS\system32\viehlipb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xunhlrim.dll
C:\WINDOWS\system32\xunhlrim.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ykxymghi.dll
C:\WINDOWS\system32\ykxymghi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ysvummtf.dll
C:\WINDOWS\system32\ysvummtf.dll Has been deleted!

Performing Repairs to the registry.
Done!



-----------------------------------------------------------------------
Combofix-log:

"Weidlinger" - 07-05-03 21:59:19 Service Pack 2
ComboFix 07-04-25.4V - Running from: "D:\Virus\ComboFix\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 ))))))))))))))))))))))))))))))))))


2007-05-03 21:45 <DIR> d-------- C:\VundoFix Backups
2007-05-03 07:02 572,352 ---hs---- C:\WINDOWS\system32\orutv.ini2
2007-05-01 07:32 570,861 ---hs---- C:\WINDOWS\system32\orutv.bak1
2007-04-30 11:13 668 --a------ C:\datFind.bat
2007-04-30 11:02 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-30 10:09 <DIR> d-------- C:\avenger
2007-04-29 23:58 353 ---hs---- C:\WINDOWS\system32\vybeg.ini2
2007-04-29 19:47 <DIR> d-------- C:\Programme\HiJack
2007-04-29 19:32 <DIR> d-------- C:\Programme\RegCure
2007-04-28 07:10 284,244 --a------ C:\WINDOWS\system32\mlljg.dll
2007-04-23 23:31 353 ---hs---- C:\WINDOWS\system32\qstwa.ini2
2007-04-23 17:07 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\LightScribe
2007-04-23 17:06 <DIR> d-------- C:\Programme\LightScribe Diagnostic Utility
2007-04-23 16:48 <DIR> d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2007-04-05 23:13 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Logitech
2007-04-05 23:12 <DIR> d-------- C:\DOKUME~1\WEIDLI~1\ANWEND~1\Logitech
2007-04-05 23:06 71,680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-04-05 23:06 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-04-05 23:06 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-04-05 23:06 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-04-05 23:06 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-04-05 23:06 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-04-05 23:06 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-04-05 23:06 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-04-05 23:06 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-04-05 23:05 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-04-05 23:05 27,264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-04-05 23:05 <DIR> d-------- C:\Programme\Logitech
2007-04-05 23:05 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Logitech
2007-04-05 22:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-30 00:29 -------- d-------- C:\Programme\microsoft money
2007-04-30 00:21 -------- d-------- C:\Programme\tuneup utilities 2006
2007-04-26 00:46 -------- d-------- C:\Programme\windows live toolbar
2007-04-25 23:55 499532 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-25 23:55 101154 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-19 16:50 -------- d-------- C:\Programme\designpro 2000
2007-04-05 23:06 -------- d--h----- C:\Programme\installshield installation information
2007-03-18 13:33 -------- d-------- C:\Programme\railroad tycoon ii - platinum
2007-03-18 12:08 -------- d-------- C:\Programme\tropico demo
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-04 20:40 8273 --a------ C:\DOKUME~1\WEIDLI~1\ANWEND~1\microsoft excel.jnl


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{08456E74-74AC-405E-BF46-6B950FC264F0} C:\WINDOWS\system32\vturo.dll [x]
{2F85D76C-0569-466F-A488-493E6BD0E955} C:\Programme\Windows Desktop Search\dsWebAllow.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"itype"="\"C:\\Programme\\Microsoft IntelliType Pro\\itype.exe\""
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"MedionVFD"="\"C:\\Programme\\Medion Info Display\\MdionLCM.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\siklhetb.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Reminder"="C:\\Programme\\Microsoft Money\\System\\reminder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"Share-to-Web Namespace Daemon"="C:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"CnOServerLauncher"="CNOServerLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-03 22:02:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-03 22:02:45
C:\ComboFix-quarantined-files.txt ... 07-05-03 22:02
C:\ComboFix2.txt ... 07-04-30 11:02

------------------------------------------------------------------------

ComboFix-quarantined-files.txt:


06-07-20 08:05      32    --a------    C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\Quarantine\ppqdb.dat.vir
06-07-20 08:05      32    --a------    C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\Quarantine\ppqsdb.dat.vir
07-04-22 15:36      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrppqn.dll.vir
07-04-22 15:45      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mprgnbfh.dll.vir
07-04-23 17:17      281172    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pmkji.dll.vir
07-04-23 17:17      353    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkmp.ini.vir
07-04-28 10:10      284244    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqpo.dll.vir
07-04-28 13:10      284244    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddayy.dll.vir
07-04-28 15:10      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\yiqwdcgt.dll.vir
07-04-30 09:55      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hbjvlvwg.dll.vir
07-04-30 09:59      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ukhkjtrc.dll.vir


Auflistung der Ordnerpfade für Volume SYSTEM
Volumenummer: 2829-A5AE
C:\QOOBOX
\---Quarantine
    +---C
    |   \---WINDOWS
    |       +---DOWNLO~1
    |       |   \---Quarantine
    |       |           ppqdb.dat.vir
    |       |           ppqsdb.dat.vir
    |       |          
    |       \---system32
    |               ddayy.dll.vir
    |               hbjvlvwg.dll.vir
    |               ijkmp.ini.vir
    |               mprgnbfh.dll.vir
    |               pmkji.dll.vir
    |               rqrppqn.dll.vir
    |               ssqpo.dll.vir
    |               ukhkjtrc.dll.vir
    |               yiqwdcgt.dll.vir
    |              
    \---Registry_backups
This post was edited on 03.05.2007 at 22:29 by Ferdinand-W.
03.05.2007, 22:56
Moderator

Posts: 7805
#7 Please delete the following files:
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\qstwa.ini2

Then please post a HijackThis log. If one of the files cannot be deleted, let me know.
__________
Kind regards, Ralf
SEO-Spam Hunter
04.05.2007, 08:54
...new here

Thread starter

Posts: 6
#8 All of the files named above could be deleted directly without any trouble (without going via the Recycle Bin). The following files are still in \system32:
orutv.ini
orutv.tmp
vybeg.tmp
qstwa.tmp

HijackThis interrupted during the scan and displayed an error message; I continued the scan and did not perform any "fix":

Logfile of HijackThis v1.99.1
Scan saved at 08:47:33, on 4.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Virus\HiJack\1_99_1.exe
C:\Programme\Windows Desktop Search\WindowsSearchFilter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08456E74-74AC-405E-BF46-6B950FC264F0} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP5000 Statusfenster.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O4 - Global Startup: HPAiODevice(hp officejet d series) - 2.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140310168053
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140351610109
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://kunden.ghostcompany.com/autobank/tsweb/msrdp.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: bw+0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

For now it looks good; the trojan hasn't shown up again in the meantime.
Regards, Ferdinand
04.05.2007, 09:20
Moderator

Posts: 7805
#9 You should tick the following entries and click "Fix checked":

O2 - BHO: (no name) - {08456E74-74AC-405E-BF46-6B950FC264F0} - C:\WINDOWS\system32\vturo.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset

Reboot and check whether the entries are really gone.

If you have a valid Kaspersky licence, you should consider updating it. Check whether the key also works for version 6. You can find information in their forum, among other places: http://forum.kaspersky.com/
__________
Regards, Ralf
SEO-Spam Hunter
04.05.2007, 18:23
...new here

Thread starter

Posts: 6
#10 Dear Ralf,
both entries are gone.
The trojan no longer shows up, and unwanted websites no longer pop up either. Done already?
Of course I would still have a huge number of questions, e.g. what the endless Logitech entries in the HijackThis log are about, why explorer.exe in Task Manager keeps counting page faults even though Explorer isn't open, and so on and so on.
The most important question, though, is how/where one can acquire the knowledge to figure out and remove problems this intertwined - admirable in any case.
On Kaspersky AV: unfortunately my licence expired in February and I was too lazy to renew it, or rather, since the trojan I haven't wanted to send credit card details over the net. I'll catch up on that quickly (though it wouldn't have prevented anything here, since I downloaded and activated the exe file myself).
If everything is done, my best and heartfelt thanks.
There should also be a donation option on your site - this much skilled support deserves a reward.
Regards, Ferdinand
04.05.2007, 18:32
Moderator

Posts: 7805
#11 It's normal that explorer.exe is running. It is responsible for displaying the taskbar, among other things. Kill explorer.exe in Task Manager and you'll notice! ;)

Because of a bug in the Logitech software, there are now quite a few O18 entries. Best to uninstall all the Logitech stuff.

Well, how you learn this is really like with anything else: show interest, practise, practise, practise, and use Google! ;)

Oh, and there is a donation option. Look at the very bottom of the page under Werbung/Spenden (Advertising/Donations): http://board.protecus.de/media.php
__________
Regards, Ralf
SEO-Spam Hunter
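As an added example that is not part of this thread or of HijackThis itself, the following Python script applies the checks made in posts #9 and #11 to lines in HijackThis log format: an O2 BHO whose DLL is missing, an O4 autorun that loads a DLL through rundll32, and many O18 protocol handlers registered under one CLSID (the Logitech bug Ralf describes). The sample log is constructed from entries quoted in the thread; the function names and the `o18_threshold` value are the example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99 format, built from entries quoted in
# this thread: the two lines Ralf had fixed, three Logitech O18 handlers, one O20.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {08456E74-74AC-405E-BF46-6B950FC264F0} - C:\WINDOWS\system32\vturo.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset
O18 - Protocol: bwz0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")        # "O4 - <body>"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")   # {8-4-4-4-12} GUID
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)

def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(text, o18_threshold=3):
    """Map entry body -> reason for the entries a helper would look at first.
    o18_threshold: how many handlers one CLSID may own before duplication is reported."""
    findings = {}
    per_clsid = defaultdict(list)
    for section, body in parse_hjt(text):
        if section == "O2" and "(file missing)" in body:
            findings[body] = "orphaned BHO: the registered DLL is no longer on disk"
        elif section == "O4" and (m := RUNDLL_RE.search(body)):
            findings[body] = f"autorun loads {m.group(1)} via rundll32: verify the DLL"
        elif section == "O18" and (m := CLSID_RE.search(body)):
            per_clsid[m.group(0)].append(body)
    for clsid, bodies in per_clsid.items():
        if len(bodies) >= o18_threshold:
            for body in bodies:
                findings[body] = f"{len(bodies)} protocol handlers share CLSID {clsid}"
    return findings

if __name__ == "__main__":
    for body, reason in triage(SAMPLE_LOG).items():
        print(f"{reason}\n    {body}")
```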