drivecleaner, trojaner?

#1 hallo,
wie viele andere wurde ich auch von diesem drive cleaner befallen.
es tauchen immer irgendwelche seiten auf und ein winantiviruspro2006 will mir helfen. dann werden dauerhaft irgendwelche downloads geblockt. mein antivirenprogramm(bitdefender 8) ist seit kurzem auch nieder. er will einfach nicht mehr prüfen und hat keine verbindung zum dienst mehr.vor 20 minuten gings dann richtig los, denn jedes mal wenn ich eine audiofile öffnen möchte, sagt mein windows:es wurde ein problem festgestellt und der windowsmediaplayer schließt.
ich habe für solche scherze keinerlei zeit im moment und möchte diesen virus oder was auch immer schnellst möglich wieder weg haben. man sollte diese urheber echt mal an die wand nageln,....naja, wäre sehr dankbar für eure hilfe.

Clean UP, hab ich schon durchlaufen lasssen, und den combofix auch. hier wäre mal meine hijackhis logfile. danke nochmal.

Logfile of HijackThis v1.99.1
Scan saved at 19:18:23, on 01.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\fuggkckf.exe
C:\Programme\M-Audio\Black Box\MAUSBBBInst.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
D:\Programme\ICQLite\ICQLite.exe
D:\Dokumente und Einstellungen\Danny\Desktop\all\notfall\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\ger.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Programme\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Ruls] "C:\WINDOWS\system32\ECURIT~1\taskmgr.exe" -vt yazb
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Programme\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programme\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/323/webolr/OCX/FlashAX.cab
O20 - AppInit_DLLs: sockspy.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fuggkckf.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: M-Audio BlackBox Installer (MAudioBlackBoxService) - Avid Technology, Inc. - C:\Programme\M-Audio\Black Box\MAUSBBBInst.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#2 Punkt:1 und 2 http://board.protecus.de/t23188.htm

Und
Download: RemoveVideoActiveXObject by Smeenk,zum Desktop
Danach dopplelklicken
Moeglich startet der Uninstaller von ein Roquescanner schliesse es nicht ab aber lass es seine Arbeit tun
Rechner neu starten und nochmals RemoveVideoActiveXObject.exe Doppelklicken
Poste nachher den logfile C:\RVAXO-results.log in dein folgender Bericht
__________
MfG Argus

#3 danke für die schnelle antwort. hab alles abgearbeitet. Hier sind die Ergebnisse:

ComboFix 07-06-18.2 - D:\Dokumente und Einstellungen\Danny\Desktop\ComboFix.exe
"Danny" - 2007-07-01 21:40:08 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\jkklm.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\retadpu1000272.exe
D:\DOKUME~1\Danny\Desktop.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-07-01 12:35 128,576 --a------ C:\WINDOWS\system32\xqqslbjr.dll
2007-07-01 12:32 122,944 --a------ C:\WINDOWS\system32\rhmfryuf.exe
2007-06-30 13:49 31,254 --a------ C:\WINDOWS\system32\vtusssp.dll
2007-06-30 13:45 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 12:40 2,624 --a------ C:\WINDOWS\system32\ebgejber.exe
2007-06-30 12:37 66,112 --a------ C:\WINDOWS\system32\anpwwkdm.dll
2007-06-30 12:34 128,576 --a------ C:\WINDOWS\system32\skbnicxm.dll
2007-06-30 12:32 122,944 --a------ C:\WINDOWS\system32\fuggkckf.exe
2007-06-30 12:28 11,776 --a------ C:\WINDOWS\mgrs.exe
2007-06-30 00:26 31,254 --a------ C:\WINDOWS\system32\khffebc.dll
2007-06-30 00:15 31,254 --a------ C:\WINDOWS\system32\yayabay.dll
2007-06-30 00:09 31,254 --a------ C:\WINDOWS\system32\opnlijj.dll
2007-06-30 00:09 306,392 --a------ C:\WINDOWS\system32\netsh.dll
2007-06-30 00:09 124,632 --a------ C:\ynudp.exe
2007-06-30 00:08 93,696 --a------ C:\WINDOWS\system32\drvjin.dll
2007-06-30 00:08 56,832 --a------ D:\DOKUME~1\ALLUSE~1\ANWEND~1\zmbwhsnk.exe
2007-06-30 00:08 31,254 --a------ C:\WINDOWS\system32\urqnkji.dll
2007-06-30 00:08 31,254 --a------ C:\WINDOWS\system32\ljjhhig.dll
2007-06-29 23:57 <DIR> d-------- C:\Programme\utorrent
2007-06-29 23:54 <DIR> d-------- D:\DOKUME~1\Danny\ANWEND~1\uTorrent
2007-06-29 23:40 99,576 --a------ C:\WINDOWS\system32\MabryObj.dll
2007-06-29 23:40 81,920 --a------ C:\WINDOWS\system32\txtls32.dll
2007-06-29 23:40 69,632 --a------ C:\WINDOWS\system32\ic32.dll
2007-06-29 23:40 61,440 --a------ C:\WINDOWS\system32\wndtls32.dll
2007-06-29 23:40 446,464 --a------ C:\WINDOWS\system32\Tx32.dll
2007-06-29 23:40 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2007-06-29 23:40 35,840 --a------ C:\WINDOWS\system32\lttwn12n.dll
2007-06-29 23:40 35,328 --a------ C:\WINDOWS\system32\lfgif12n.dll
2007-06-29 23:40 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2007-06-29 23:40 327,680 --a------ C:\WINDOWS\system32\txobj32.dll
2007-06-29 23:40 323,584 --a------ C:\WINDOWS\system32\tx_word.dll
2007-06-29 23:40 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2007-06-29 23:40 279,800 --a------ C:\WINDOWS\system32\FtpX.DLL
2007-06-29 23:40 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2007-06-29 23:40 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2007-06-29 23:40 173,304 --a------ C:\WINDOWS\system32\MimeX.dll
2007-06-29 23:40 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2007-06-29 23:40 152,824 --a------ C:\WINDOWS\system32\EncodeX.dll
2007-06-29 23:40 135,168 --a------ C:\WINDOWS\system32\tx_htm32.dll
2007-06-29 23:40 132,344 --a------ C:\WINDOWS\system32\PopX.dll
2007-06-29 23:40 131,072 --a------ C:\WINDOWS\system32\tx_rtf32.dll
2007-06-29 23:40 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2007-06-29 21:25 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-06-29 21:23 626,688 --a------ C:\WINDOWS\DBREG.dll
2007-06-29 21:23 131,584 --a------ C:\WINDOWS\DBReg.exe
2007-06-24 16:56 <DIR> d-------- C:\Programme\MSECache
2007-06-10 16:32 <DIR> d-------- C:\Local Publish
2007-06-03 14:57 <DIR> d-------- D:\DOKUME~1\Danny\ANWEND~1\Graphisoft
2007-06-03 11:05 339,968 --a------ C:\WINDOWS\system32\cdintf.dll
2007-06-03 11:05 <DIR> d-------- D:\DOKUME~1\Danny\Graphisoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 23:28:29 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\Xfire
2007-06-30 14:30:15 1,868,944 ----a-w C:\WINDOWS\system32\RSA32_16.DLL
2007-06-30 11:42:11 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\BearShare
2007-06-30 10:27:24 97,216 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-06-10 14:23:27 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-10 10:02:10 -------- d-----w C:\Programme\Image-Line
2007-06-08 14:28:09 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\teamspeak2
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 13:49:36 -------- d-----w C:\Programme\Vstep
2007-04-30 11:20:58 28,672 ----a-w C:\WINDOWS\system32\ssconfig.exe
2007-04-30 11:20:58 180,224 ----a-w C:\WINDOWS\UninstallWSST.exe
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINDOWS\system32\anpwwkdm.dll [2007-06-30 12:37]
{277F920B-58C6-4976-A01D-11897928A12F}=C:\WINDOWS\system32\vcscript.dll [2006-11-26 17:51]
{A6807262-1D7A-44AB-947B-23B71E97915C}=C:\WINDOWS\system32\ljjhhig.dll [2007-06-30 00:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\ALCMTR.EXE]
"ATICCC"="c:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-11-07 17:48]
"BDNewsAgent"="C:\Programme\Softwin\BitDefender8\bdnagent.exe" []
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 17:15]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15]
"DJ Console Mk2"="C:\Programme\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2006-01-18 11:50]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-12-20 09:35]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2005-12-20 09:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ruls"="C:\WINDOWS\system32\ECURIT~1\taskmgr.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A6807262-1D7A-44AB-947B-23B71E97915C}"="C:\WINDOWS\system32\ljjhhig.dll" [2007-06-30 00:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhhig]
ljjhhig.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk]
path=D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
C:\Programme\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Programme\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Black Box Helper]
C:\Programme\M-Audio\Black Box\BlackBoxHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"D:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
C:\Apps\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programme\CyberLink\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Programme\Roxio\WinOnCD 8\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"c:\programme\zango\zango.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxMediaDB"=3 (0x3)
"omniserv"=2 (0x2)
"AOL ACS"=2 (0x2)
"RoxWatch"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439ecaac-17df-11db-86bd-00038a000015}]
AutoRun\command- L:\pushinst.exe


Contents of the 'Scheduled Tasks' folder
2006-01-14 22:44:43 C:\WINDOWS\tasks\HDReg.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 21:43:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-01 21:46:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-01 21:46
C:\ComboFix2.txt ... 2007-06-30 13:55

--- E O F ---



und hier das andere:

----------------RemoveVideoActiveXObject.exe first run-------------

Files found:

C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\d3dx.dat

Uninstallers Rogue scanners:


Folders Found:


--------------RemoveVideoActiveXObject.exe last run---------------

Files found:

C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\d3dx.dat

Uninstallers Rogue scanners:


Folders Found:

#4 Entferne auf C:\
Qoobox
RVAXO-results.log

Download VundoFix zum Desktop
Doppelklick auf VundoFix.exe um das Tool zu starten
Klicke “Scan for Vundo”
Wenn der scan vorueber ist klicke “Remove Vundo”
Wenn man die Meldung kommt “remove”,klicke Yes
Danach werden alle Desktop-Symbole verschwinden
Dann wird man gefragt,ob der PC neustarten soll,klicke OK
Kopiere den Inhalt des Berichts “C:\vundofix.txt
der jetzt auf dein Desktop steht in diesen Thread

Note:
Es ist moeglich das eine Datei von VundoFix nicht entfernt werden kann
wenn dies der fall ist wird nach neustart des Rechners Vundufix neu starten
und muss die Prozedur des scannens wiederholt werden!
Klicke “Scan for Vundo”

Und ein neuer log von C:\combofix.txt
__________
MfG Argus

#5 ok....


VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 22:20:30 01.07.2007

Listing files found while scanning....

C:\windows\system32\anpwwkdm.dll
C:\WINDOWS\system32\bcbeg.ini
C:\windows\system32\ebgejber.exe
C:\windows\system32\fuggkckf.exe
C:\WINDOWS\system32\gebcb.dll
C:\windows\system32\khffebc.dll
C:\windows\system32\ljjhhig.dll
C:\windows\system32\mxcinbks.ini
C:\windows\system32\opnlijj.dll
C:\windows\system32\rhmfryuf.exe
C:\windows\system32\skbnicxm.dll
C:\windows\system32\urqnkji.dll
C:\windows\system32\vtusssp.dll
C:\windows\system32\xqqslbjr.dll
C:\windows\system32\yayabay.dll

Beginning removal...

Attempting to delete C:\windows\system32\anpwwkdm.dll
C:\windows\system32\anpwwkdm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\ebgejber.exe
C:\windows\system32\ebgejber.exe Has been deleted!

Attempting to delete C:\windows\system32\fuggkckf.exe
C:\windows\system32\fuggkckf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Attempting to delete C:\windows\system32\khffebc.dll
C:\windows\system32\khffebc.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjhhig.dll
C:\windows\system32\ljjhhig.dll Could not be deleted.

Attempting to delete C:\windows\system32\mxcinbks.ini
C:\windows\system32\mxcinbks.ini Has been deleted!

Attempting to delete C:\windows\system32\opnlijj.dll
C:\windows\system32\opnlijj.dll Has been deleted!

Attempting to delete C:\windows\system32\rhmfryuf.exe
C:\windows\system32\rhmfryuf.exe Has been deleted!

Attempting to delete C:\windows\system32\skbnicxm.dll
C:\windows\system32\skbnicxm.dll Has been deleted!

Attempting to delete C:\windows\system32\urqnkji.dll
C:\windows\system32\urqnkji.dll Has been deleted!

Attempting to delete C:\windows\system32\vtusssp.dll
C:\windows\system32\vtusssp.dll Has been deleted!

Attempting to delete C:\windows\system32\xqqslbjr.dll
C:\windows\system32\xqqslbjr.dll Has been deleted!

Attempting to delete C:\windows\system32\yayabay.dll
C:\windows\system32\yayabay.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 22:23:53 01.07.2007

Listing files found while scanning....

C:\windows\system32\ljjhhig.dll

Beginning removal...

Attempting to delete C:\windows\system32\ljjhhig.dll
C:\windows\system32\ljjhhig.dll Has been deleted!

Performing Repairs to the registry.
Done!



und....



ComboFix 07-06-18.2 - D:\Dokumente und Einstellungen\Danny\Desktop\ComboFix.exe
"Danny" - 2007-07-01 22:29:44 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-07-01 22:20 <DIR> d-------- C:\VundoFix Backups
2007-07-01 21:50 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-06-30 13:45 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 12:28 11,776 --a------ C:\WINDOWS\mgrs.exe
2007-06-30 00:09 306,392 --a------ C:\WINDOWS\system32\netsh.dll
2007-06-30 00:09 124,632 --a------ C:\ynudp.exe
2007-06-30 00:08 93,696 --a------ C:\WINDOWS\system32\drvjin.dll
2007-06-30 00:08 56,832 --a------ D:\DOKUME~1\ALLUSE~1\ANWEND~1\zmbwhsnk.exe
2007-06-29 23:57 <DIR> d-------- C:\Programme\utorrent
2007-06-29 23:54 <DIR> d-------- D:\DOKUME~1\Danny\ANWEND~1\uTorrent
2007-06-29 23:40 99,576 --a------ C:\WINDOWS\system32\MabryObj.dll
2007-06-29 23:40 81,920 --a------ C:\WINDOWS\system32\txtls32.dll
2007-06-29 23:40 69,632 --a------ C:\WINDOWS\system32\ic32.dll
2007-06-29 23:40 61,440 --a------ C:\WINDOWS\system32\wndtls32.dll
2007-06-29 23:40 446,464 --a------ C:\WINDOWS\system32\Tx32.dll
2007-06-29 23:40 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2007-06-29 23:40 35,840 --a------ C:\WINDOWS\system32\lttwn12n.dll
2007-06-29 23:40 35,328 --a------ C:\WINDOWS\system32\lfgif12n.dll
2007-06-29 23:40 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2007-06-29 23:40 327,680 --a------ C:\WINDOWS\system32\txobj32.dll
2007-06-29 23:40 323,584 --a------ C:\WINDOWS\system32\tx_word.dll
2007-06-29 23:40 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2007-06-29 23:40 279,800 --a------ C:\WINDOWS\system32\FtpX.DLL
2007-06-29 23:40 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2007-06-29 23:40 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2007-06-29 23:40 173,304 --a------ C:\WINDOWS\system32\MimeX.dll
2007-06-29 23:40 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2007-06-29 23:40 152,824 --a------ C:\WINDOWS\system32\EncodeX.dll
2007-06-29 23:40 135,168 --a------ C:\WINDOWS\system32\tx_htm32.dll
2007-06-29 23:40 132,344 --a------ C:\WINDOWS\system32\PopX.dll
2007-06-29 23:40 131,072 --a------ C:\WINDOWS\system32\tx_rtf32.dll
2007-06-29 23:40 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2007-06-29 21:25 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-06-29 21:23 626,688 --a------ C:\WINDOWS\DBREG.dll
2007-06-29 21:23 131,584 --a------ C:\WINDOWS\DBReg.exe
2007-06-24 16:56 <DIR> d-------- C:\Programme\MSECache
2007-06-10 16:32 <DIR> d-------- C:\Local Publish
2007-06-03 14:57 <DIR> d-------- D:\DOKUME~1\Danny\ANWEND~1\Graphisoft
2007-06-03 11:05 339,968 --a------ C:\WINDOWS\system32\cdintf.dll
2007-06-03 11:05 <DIR> d-------- D:\DOKUME~1\Danny\Graphisoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 23:28:29 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\Xfire
2007-06-30 14:30:15 1,868,944 ----a-w C:\WINDOWS\system32\RSA32_16.DLL
2007-06-30 11:42:11 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\BearShare
2007-06-30 10:27:24 97,216 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-06-10 14:23:27 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-10 10:02:10 -------- d-----w C:\Programme\Image-Line
2007-06-08 14:28:09 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\teamspeak2
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 13:49:36 -------- d-----w C:\Programme\Vstep
2007-04-30 11:20:58 28,672 ----a-w C:\WINDOWS\system32\ssconfig.exe
2007-04-30 11:20:58 180,224 ----a-w C:\WINDOWS\UninstallWSST.exe
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{277F920B-58C6-4976-A01D-11897928A12F}=C:\WINDOWS\system32\vcscript.dll [2006-11-26 17:51]
{2F56D762-671B-43C6-BEFC-F07EC08FFAB4}=C:\WINDOWS\system32\gebcb.dll []
{A6807262-1D7A-44AB-947B-23B71E97915C}=C:\WINDOWS\system32\ljjhhig.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="c:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-11-07 17:48]
"BDNewsAgent"="C:\Programme\Softwin\BitDefender8\bdnagent.exe" []
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 17:15]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15]
"DJ Console Mk2"="C:\Programme\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2006-01-18 11:50]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-12-20 09:35]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2005-12-20 09:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ruls"="C:\WINDOWS\system32\ECURIT~1\taskmgr.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A6807262-1D7A-44AB-947B-23B71E97915C}"="C:\WINDOWS\system32\ljjhhig.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk]
path=D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
C:\Programme\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Programme\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Black Box Helper]
C:\Programme\M-Audio\Black Box\BlackBoxHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"D:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
C:\Apps\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programme\CyberLink\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Programme\Roxio\WinOnCD 8\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"c:\programme\zango\zango.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxMediaDB"=3 (0x3)
"omniserv"=2 (0x2)
"AOL ACS"=2 (0x2)
"RoxWatch"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439ecaac-17df-11db-86bd-00038a000015}]
AutoRun\command- L:\pushinst.exe


Contents of the 'Scheduled Tasks' folder
2006-01-14 22:44:43 C:\WINDOWS\tasks\HDReg.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 22:31:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-01 22:31:45
C:\ComboFix-quarantined-files.txt ... 2007-07-01 21:46
C:\ComboFix2.txt ... 2007-07-01 21:46
C:\ComboFix3.txt ... 2007-06-30 13:55

--- E O F ---


....wow, momentan scheint wieder alles in ordnung zu sein:-)
vieeeelen dank schonmal, allerdings will mien bitdefender immer noch nicht prüfen!wahrscheinlich hat dies dann aber nichts mit dem drivecleaner zu tun gehabt? gruß

#6 Entferne
C:\VundoFix Backups
C:\WINDOWS\system32\remove.exe

Scanne mit DrWeb http://board.protecus.de/t29350.htm
__________
MfG Argus

#7 ok, zum anfang hat der dr einen virus(vy...dll) gefunden und desinfiziert.im abgesicherten modus fand er keinen virus.
der bitdefender funkt immer noch nicht. ich denke ich werde mir offline eine neue version zulegen. für den fall,dass es das war, bedanke ich mich noch einmal recht herzlich.

#8 Du kannst auch ein Onlinescan machen http://support.f-secure.com/enu/home/ols.shtml
__________
MfG Argus

#9 momentan ist alles soweit wieder in ordnung.(kein drivecleaner und co).
allerdings kam jetzt ein neues problem hinzu:
jedes 4te mal wenn ich einen ordner oder sonst etwas mit dem exporer(rechts klick) ausführen möchte erscheint ein fenster:
Datenausführungsverhinderung - microsoft windows
dieses programm wurde aus sicherheitsgründen geschlossen.
name: windows explorer ....und alles,wirklich alles, schließt.
in manchen foren steht, dass man "eine Art Ausnahme für das Programm von der DEP-Fehlermeldung" einstellen kann. sollte ich das machen oder soll ich das gerade wegen dem virus von gestern lassen?
ps: mein bitdefender läuft grad nicht.
danke im voraus

#10 Pruefe diese Dateien bitte bie Jotti oder Virustotal die sind alle verdaechtig:

2007-07-01 21:50 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-06-30 12:28 11,776 --a------ C:\WINDOWS\mgrs.exe
2007-06-30 00:09 306,392 --a------ C:\WINDOWS\system32\netsh.dll
2007-06-30 00:09 124,632 --a------ C:\ynudp.exe
2007-06-30 00:08 93,696 --a------ C:\WINDOWS\system32\drvjin.dll
2007-06-30 00:08 56,832 --a------ D:\DOKUME~1\ALLUSE~1\ANWEND~1\zmbwhsnk.exe
__________
MfG Ralf
SEO-Spam Hunter

#11 ok....
die remove.exe hatte ich ja schon gelöscht,
virustotal hat tatsächlich in jeder der angegebenen dateien einen virus bzw mehrere gefunden. ich habe alle dateien gelöscht.
das problem besteht allerdings weiterhin
gruß

#12 Entferne ComboFix und lade die letzte version runter
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Poste nochmal ein neuer log von ComboFix,Hijack This
__________
MfG Argus

#13 tut mir leid, aber es ging nicht früher. hier ist die neue logfile von combofix:


"Danny" - 2007-07-05 11:31:36 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{277F920B-58C6-4976-A01D-11897928A12F}=C:\WINDOWS\system32\vcscript.dll []
{2F56D762-671B-43C6-BEFC-F07EC08FFAB4}=C:\WINDOWS\system32\gebcb.dll []
{A6807262-1D7A-44AB-947B-23B71E97915C}=C:\WINDOWS\system32\ljjhhig.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="c:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-11-07 17:48]
"BDNewsAgent"="C:\Programme\Softwin\BitDefender8\bdnagent.exe" []
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 17:15]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15]
"DJ Console Mk2"="C:\Programme\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2006-01-18 11:50]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-12-20 09:35]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2005-12-20 09:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ruls"="C:\WINDOWS\system32\ECURIT~1\taskmgr.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A6807262-1D7A-44AB-947B-23B71E97915C}"="C:\WINDOWS\system32\ljjhhig.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk]
path=D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
C:\Programme\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Programme\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Black Box Helper]
C:\Programme\M-Audio\Black Box\BlackBoxHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"D:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
C:\Apps\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programme\CyberLink\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Programme\Roxio\WinOnCD 8\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"c:\programme\zango\zango.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxMediaDB"=3 (0x3)
"omniserv"=2 (0x2)
"AOL ACS"=2 (0x2)
"RoxWatch"=2 (0x2)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439ecaac-17df-11db-86bd-00038a000015}]
AutoRun\command- L:\pushinst.exe


Contents of the 'Scheduled Tasks' folder
2006-01-14 22:44:43 C:\WINDOWS\tasks\HDReg.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 11:33:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-05 11:33:59
C:\ComboFix-quarantined-files.txt ... 2007-07-01 21:46
C:\ComboFix2.txt ... 2007-07-01 22:31
C:\ComboFix3.txt ... 2007-07-01 21:46

--- E O F ---




HijackThis Logfile:


Logfile of HijackThis v1.99.1
Scan saved at 11:39:39, on 05.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\M-Audio\Black Box\MAUSBBBInst.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
D:\Dokumente und Einstellungen\Danny\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\ger.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {277F920B-58C6-4976-A01D-11897928A12F} - C:\WINDOWS\system32\vcscript.dll (file missing)
O2 - BHO: (no name) - {2F56D762-671B-43C6-BEFC-F07EC08FFAB4} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ljjhhig.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Programme\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Ruls] "C:\WINDOWS\system32\ECURIT~1\taskmgr.exe" -vt yazb
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Programme\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programme\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/323/webolr/OCX/FlashAX.cab
O20 - AppInit_DLLs: sockspy.dll
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: M-Audio BlackBox Installer (MAudioBlackBoxService) - Avid Technology, Inc. - C:\Programme\M-Audio\Black Box\MAUSBBBInst.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#14 Hake in Hijackthis folgende Ding an und druecke fix checked:

O2 - BHO: (no name) - {277F920B-58C6-4976-A01D-11897928A12F} - C:\WINDOWS\system32\vcscript.dll (file missing)
O2 - BHO: (no name) - {2F56D762-671B-43C6-BEFC-F07EC08FFAB4} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ljjhhig.dll (file missing)
O4 - HKCU\..\Run: [Ruls] "C:\WINDOWS\system32\ECURIT~1\taskmgr.exe" -vt yazb


starte neu und da du eine veraltete Version von Combofix nutzt, lade dir eine neue Combofix.exe von http://download.bleepingcomputer.com/sUBs/ComboFix.exe herunter und erstelle mit dieser einen neuen report.
__________
MfG Ralf
SEO-Spam Hunter

#15 ok

"Danny" - 2007-07-05 14:10:26 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


2007-07-01 23:36 <DIR> d-------- D:\DOKUME~1\Danny\DoctorWeb
2007-06-30 13:45 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 23:57 <DIR> d-------- C:\Programme\utorrent
2007-06-29 23:54 <DIR> d-------- D:\DOKUME~1\Danny\ANWEND~1\uTorrent
2007-06-29 23:40 279,800 --a------ C:\WINDOWS\system32\FtpX.DLL
2007-06-29 21:25 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-06-24 16:56 <DIR> d-------- C:\Programme\MSECache
2007-06-10 16:32 <DIR> d-------- C:\Local Publish


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 12:07:08 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\Xfire
2007-07-03 16:10:35 89,264 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-07-02 20:30:11 89,264 ----a-w D:\DOKUME~1\Danny\ANWEND~1\GDIPFONTCACHEV1.DAT
2007-06-30 14:30:15 1,868,944 ----a-w C:\WINDOWS\system32\RSA32_16.DLL
2007-06-30 11:42:11 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\BearShare
2007-06-10 14:23:27 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-10 10:02:10 -------- d-----w C:\Programme\Image-Line
2007-06-08 14:28:09 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\teamspeak2
2007-06-03 12:08:56 -------- d-----w D:\DOKUME~1\Danny\ANWEND~1\Graphisoft
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 13:49:36 -------- d-----w C:\Programme\Vstep
2007-04-30 11:20:58 28,672 ----a-w C:\WINDOWS\system32\ssconfig.exe
2007-04-30 11:20:58 180,224 ----a-w C:\WINDOWS\UninstallWSST.exe
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 15:17 54248 --a------ C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="c:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-11-07 17:48]
"BDNewsAgent"="C:\Programme\Softwin\BitDefender8\bdnagent.exe" []
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 17:15]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15]
"DJ Console Mk2"="C:\Programme\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2006-01-18 11:50]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-12-20 09:35]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2005-12-20 09:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk]
path=D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
C:\Programme\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Programme\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Black Box Helper]
C:\Programme\M-Audio\Black Box\BlackBoxHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"D:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
C:\Apps\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programme\CyberLink\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Programme\Roxio\WinOnCD 8\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"c:\programme\zango\zango.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxMediaDB"=3 (0x3)
"omniserv"=2 (0x2)
"AOL ACS"=2 (0x2)
"RoxWatch"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439ecaac-17df-11db-86bd-00038a000015}]
AutoRun\command- L:\pushinst.exe


Contents of the 'Scheduled Tasks' folder
2006-01-14 22:44:43 C:\WINDOWS\tasks\HDReg.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 14:15:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-05 14:16:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-05 14:16
C:\ComboFix2.txt ... 2007-07-05 11:33
C:\ComboFix3.txt ... 2007-07-01 22:31

--- E O F ---