Possible virus infection? Requesting analysis.

#0
29.07.2007, 15:36
...new here

Posts: 5
#1 So, I have worked through the sticky thread; I hope everything is correct.

My problem: I sometimes get a schannel.dll error message, and in addition my PC is sometimes quite slow, especially when booting up.

Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:29, on 29.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\avguard32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\avmwlanstick\FRITZWLANMini.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\WinTV\Ir.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Tobias\Desktop\Neuer Ordner\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {600BE137-52FA-43A9-ABD3-BD6E0865A364} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\Programme\Rapidown\rapi310.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\programme\steganos internet anonym 7\sia7iep.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [great bin] C:\DOKUME~1\Tobias\ANWEND~1\OBJATO~1\REFMULTICORN.exe
O4 - HKCU\..\Run: [Meine Bilder] C:\WINDOWS\system32\avguard32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA7] "C:\Programme\Steganos Internet Anonym 7\sia7.exe" -firstboot (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA7] "C:\Programme\Steganos Internet Anonym 7\sia7.exe" -firstboot (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA7] "C:\Programme\Steganos Internet Anonym 7\sia7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA7] "C:\Programme\Steganos Internet Anonym 7\sia7.exe" -firstboot (User 'Default user')
O4 - Global Startup: AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1010681460577
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89911C27-2B10-4B2D-924D-F01E4190107E}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C65A2F39-2C32-4BC1-AD2D-F136F715E1DB}: NameServer = 192.168.178.1
O18 - Protocol: bw+0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B1B4E53B-1319-417B-A912-060545230FF4} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Hotspot Manager (HotSpotFSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 19813 bytes


"Tobias" - 2007-07-29 15:27:59 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-29 15:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 16:37 <DIR> d-------- C:\DOKUME~1\Tobias\Contacts
2007-07-28 16:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-28 16:30 <DIR> d-------- C:\Programme\Windows Live Toolbar
2007-07-28 16:30 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Live Toolbar
2007-07-28 16:29 <DIR> d-------- C:\Programme\MSN Messenger
2007-07-28 00:17 52,224 --a------ C:\WINDOWS\system32\jpg.dll
2007-07-27 21:28 <DIR> d-------- C:\Programme\Azureus
2007-07-27 21:28 <DIR> d-------- C:\DOKUME~1\Tobias\ANWEND~1\Azureus
2007-07-27 20:52 12,003 --a------ C:\WINDOWS\system32\zlib.dll
2007-07-27 17:52 <DIR> d-------- C:\DOKUME~1\Tobias\ANWEND~1\WinRAR
2007-07-27 15:55 <DIR> d-------- C:\Programme\No-IP
2007-07-26 16:08 <DIR> d-------- C:\Programme\AV Vcs 5.5 DIAMOND
2007-07-26 12:44 <DIR> d-------- C:\DOKUME~1\Tobias\ANWEND~1\Steganos Internet Anonym 7
2007-07-26 12:39 <DIR> d-------- C:\Programme\Steganos Internet Anonym 7
2007-07-26 12:39 <DIR> d-------- C:\Programme\Secure Surfing Engine
2007-07-25 15:18 1,695 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-25 10:37 48,740 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-25 10:32 <DIR> d-------- C:\WINDOWS\BricoPacks
2007-07-25 09:36 <DIR> d-------- C:\Programme\Rapidown
2007-07-23 15:08 <DIR> d-------- C:\Programme\ICQToolbar
2007-07-23 15:08 <DIR> d-------- C:\Programme\ICQ6
2007-07-23 15:07 <DIR> d-------- C:\DOKUME~1\Tobias\ANWEND~1\InstallShield
2007-07-23 14:57 <DIR> d-------- C:\DOKUME~1\Eric\ANWEND~1\ICQLite
2007-07-23 14:57 <DIR> d-------- C:\DOKUME~1\Eric\ANWEND~1\ICQ Toolbar
2007-07-22 15:33 <DIR> d-------- C:\Programme\mm.BOT
2007-07-22 15:32 <DIR> d-------- C:\WINDOWS\mm.BOT
2007-07-21 10:53 <DIR> d-------- C:\WINDOWS\system32\Color
2007-07-20 15:04 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-07-20 15:03 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-07-20 15:03 <DIR> d-------- C:\Programme\TechSmith
2007-07-20 15:03 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TechSmith
2007-07-17 20:10 51,733 --a------ C:\WINDOWS\system32\plugin1.dat
2007-07-17 20:10 1,522,905 --a------ C:\WINDOWS\system32\msvb.exe
2007-07-17 20:01 71,168 --a------ C:\WINDOWS\system32\ijl11.dll
2007-07-17 20:00 52,736 --a------ C:\WINDOWS\system32\passview.dll
2007-07-17 13:57 <DIR> d-------- C:\Programme\SQLyog Community
2007-07-17 13:57 <DIR> d-------- C:\DOKUME~1\Tobias\ANWEND~1\SQLyog
2007-07-16 14:49 <DIR> d-------- C:\Programme\WinPcap
2007-07-15 20:08 249,856 --------- C:\WINDOWS\Setup1.exe
2007-07-15 20:08 <DIR> d-------- C:\Programme\Hero Editor
2007-07-15 20:06 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-07-15 20:05 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-13 09:44 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
2007-07-12 18:18 50,520 --a------ C:\WINDOWS\system32\csvidcap.dll
2007-07-12 15:44 299,520 --a------ C:\WINDOWS\uninst.exe
2007-07-12 15:44 <DIR> d-------- C:\DOKUME~1\Tobias\WINDOWS
2007-07-12 14:44 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-12 14:43 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-07-12 14:43 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-07-12 14:43 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-07-12 14:37 33,133 --a------ C:\WINDOWS\DIIUnin.dat
2007-07-12 14:37 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-07-12 14:37 102,400 --a------ C:\WINDOWS\DIIUnin.exe
2007-07-12 14:33 <DIR> d-------- C:\Programme\Diablo II
2007-07-11 17:17 <DIR> d-------- C:\Programme\Sync Manager Demo
2007-07-10 14:55 <DIR> d-------- C:\Programme\SHOUTcast
2007-07-07 11:02 <DIR> d-------- C:\Antrix
2007-07-06 16:02 <DIR> d-------- C:\Programme\PremiumSoft
2007-07-06 15:37 <DIR> d-------- C:\Mangos
2007-07-06 15:31 <DIR> d-------- C:\xampp
2007-07-05 13:11 <DIR> d-------- C:\DOKUME~1\Tobias\ANWEND~1\ICQ
2007-07-03 17:40 <DIR> d-------- C:\Programme\Skype
2007-07-03 17:40 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2007-07-03 17:40 <DIR> d-------- C:\DOKUME~1\Tobias\ANWEND~1\Skype
2007-07-03 17:39 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype
2007-07-02 21:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 21:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-06-29 02:01 88,696 --a------ C:\WINDOWS\system32\Packet.dll
2007-06-29 02:01 68,224 --a------ C:\WINDOWS\system32\WanPacket.dll
2007-06-29 02:01 53,299 --a------ C:\WINDOWS\system32\pthreadVC.dll
2007-06-29 02:01 42,512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-06-29 02:01 240,240 --a------ C:\WINDOWS\system32\wpcap.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 20:02:17 -------- d-----w C:\DOKUME~1\Tobias\ANWEND~1\LimeWire
2007-07-25 08:37:23 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-07-25 08:11:46 -------- d-----w C:\Programme\PDF Editor 2
2007-07-24 17:33:51 -------- d-----w C:\Programme\HLSW
2007-07-23 16:50:51 -------- d-----w C:\DOKUME~1\Tobias\ANWEND~1\teamspeak2
2007-07-23 13:08:44 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-07-21 18:04:34 -------- d-----w C:\Programme\LimeWire
2007-07-20 11:28:34 -------- d-----w C:\Programme\World of Warcraft
2007-07-18 12:34:05 -------- d-----w C:\DOKUME~1\Tobias\ANWEND~1\Hamachi
2007-07-18 11:49:16 -------- d-----w C:\Programme\AlienGUIse
2007-07-18 08:56:29 -------- d-----w C:\Programme\cFosSpeed
2007-07-18 08:56:28 -------- d-----w C:\Programme\TuneUp Utilities 2007
2007-07-12 11:34:32 2,434 ----a-w C:\WINDOWS\mozver.dat
2007-07-12 11:34:32 -------- d-----w C:\Programme\DivX
2007-07-12 08:12:55 53,248 ----a-w C:\WINDOWS\system32\css.dll
2007-07-11 15:22:30 -------- d-----w C:\Programme\Ringz Studio
2007-07-11 14:48:51 -------- d-----w C:\Programme\Winamp
2007-07-08 18:49:04 -------- d-----w C:\Programme\Gamers.IRC
2007-07-07 08:19:44 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-07-06 13:08:21 -------- d-----w C:\Programme\MySQL
2007-06-24 17:55:11 -------- d-----w C:\Programme\Ventrilo
2007-06-24 17:54:59 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-06-23 10:33:48 -------- d-----w C:\Programme\Teamspeak2_RC2
2007-06-23 08:38:46 -------- d-----w C:\DOKUME~1\Tobias\ANWEND~1\ATI
2007-06-23 08:35:48 -------- d-----w C:\Programme\ATI Technologies
2007-06-23 08:21:03 -------- d-----w C:\Programme\MyPhoneExplorer
2007-06-23 08:21:03 -------- d-----w C:\Programme\Mangos
2007-06-23 08:21:02 -------- d-----w C:\Programme\FlashFXP
2007-06-20 17:04:25 73,216 ----a-w C:\WINDOWS\cadkasdeinst01.exe
2007-06-18 15:46:11 76,212 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-06-18 15:46:11 419,300 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-06-18 15:45:16 -------- d-----w C:\Programme\avmwlanstick
2007-06-18 15:44:56 -------- d-----w C:\Programme\AVM_update
2007-06-18 15:01:26 -------- d-----w C:\DOKUME~1\Tobias\ANWEND~1\Media Player Classic
2007-06-14 07:19:57 -------- d-----w C:\Programme\vtplus
2007-06-14 07:19:48 -------- d-----w C:\Programme\WinTV
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 06:59:39 164 ----a-w C:\install.dat
2001-08-18 14:00:00 279,983 --sh--w C:\WINDOWS\system32\avguard32.exe
2001-08-18 14:00:00 300,963 --sh--w C:\WINDOWS\system32\clfmon.exe
2001-08-18 14:00:00 278,981 --sh--w C:\WINDOWS\system32\ntoskrnl32.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{600BE137-52FA-43A9-ABD3-BD6E0865A364}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVMWlanClient"="C:\Programme\avmwlanstick\FRITZWLANMini.exe" [2006-03-01 13:35]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 13:45 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"KernelFaultCheck"="%systemroot%\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"great bin"="C:\DOKUME~1\Tobias\ANWEND~1\OBJATO~1\REFMULTICORN.exe" []
"Meine Bilder"="C:\WINDOWS\system32\avguard32.exe" [2001-08-18 16:00]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Update"=C:\WINDOWS\system32\scvhost.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SIA7"="C:\Programme\Steganos Internet Anonym 7\sia7.exe" -firstboot

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
AutoStart IR.lnk - C:\Programme\WinTV\Ir.exe [2007-02-07 15:31:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Programme\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Programme\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech SetPoint.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Tobias^Startmenü^Programme^Autostart^hamachi.lnk]
path=C:\Dokumente und Einstellungen\Tobias\Startmenü\Programme\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Tobias^Startmenü^Programme^Autostart^Stardock ObjectDock.lnk]
path=C:\Dokumente und Einstellungen\Tobias\Startmenü\Programme\Autostart\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Tobias^Startmenü^Programme^Autostart^Y'z ToolBar.lnk]
path=C:\Dokumente und Einstellungen\Tobias\Startmenü\Programme\Autostart\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\great bin]
C:\DOKUME~1\Tobias\ANWEND~1\OBJATO~1\REFMULTICORN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
"C:\Programme\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ 6.1]
C:\WINDOWS\system32\nltor32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ 6.1 Beta]
C:\WINDOWS\system32\cltmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIA7]
"C:\Programme\Steganos Internet Anonym 7\SIA7.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\programme\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Programme\Winamp\Winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]
C:\WINDOWS\system32\scvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WoW Account Stealer]
C:\WINDOWS\system32\ntoskrnl32.exe

R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys
R1 avgio;avgio;\??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 avgntflt;avgntflt;\??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;C:\WINDOWS\system32\Drivers\hcw88rc5.sys
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys
R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
S3 avmeject;AVM Eject;C:\WINDOWS\system32\drivers\avmeject.sys
S3 DREADNOUGHT;DREADNOUGHT;\??\C:\DOKUME~1\Tobias\LOKALE~1\Temp\DREADNOUGHT
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
S3 HotSpotFSvc;Hotspot Manager;"C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe"
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
S3 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S3 TSMPacket;T-DSL Manager Service;C:\WINDOWS\system32\DRIVERS\tsmpkt.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

*Newly Created Service* - CATCHME

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
C:\WINDOWS\system32\msvb.exe s

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A00100FD-FFE0-F286-DD1C-D0959F340903}
C:\WINDOWS\system32\ntoskrnl32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC800506-AFD3-FCCB-A0AC-CEFDECFD1F87}
C:\WINDOWS\system32\cltmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0D939E0-C6F0-CC70-A446-B49BC97A72AA}
C:\WINDOWS\system32\ntoskrnl32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BD013C09-B206-A007-BABD-EAB0F020B3EE}
C:\WINDOWS\system32\nltor32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CFE05E0A-D910-DDD3-B77D-C70C0E9C94BB}
C:\WINDOWS\system32\clfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DA008F3B-E04B-E00C-C900-D0000F080767}
C:\WINDOWS\system32\ntoskrnl32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DC9D8B83-C748-CEAF-A491-BB3F3900CACE}
C:\WINDOWS\system32\ntoskrnl32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F00F0807-EED0-EF64-C8F5-CD73C01206D1}
C:\WINDOWS\system32\cltmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F04E0AD0-A0F0-B09C-D3CF-FC8EBC70005B}
C:\WINDOWS\system32\avguard32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F1050000-CA40-A005-C4BA-B0398D18E0D7}
C:\WINDOWS\system32\scvhost.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F90F0807-EEC0-EF54-C8F5-CD73C01206D0}
C:\WINDOWS\system32\winkrnl.exe

Contents of the 'Scheduled Tasks' folder
2007-07-27 15:16:28 C:\WINDOWS\tasks\1-Klick-Wartung.job
2007-07-29 12:31:03 C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 15:29:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-29 15:29:58
C:\ComboFix-quarantined-files.txt ... 2007-07-29 15:29
C:\ComboFix2.txt ... 2007-07-29 15:20

--- E O F ---



.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6840-25B2

Verzeichnis von C:\WINDOWS\system32

29.07.2007 15:19 108.336 mswinsck.ocx
29.07.2007 15:19 2.206 wpa.dbl
29.07.2007 15:14 1.379.181 offlog.txt
28.07.2007 00:56 12.003 lamastuff.svr
28.07.2007 00:42 12.003 icqlogreader.svr
28.07.2007 00:42 12.003 Beeper.svr
28.07.2007 00:41 12.003 Text2Speech.svr
28.07.2007 00:17 52.224 jpg.dll
27.07.2007 20:53 12.003 zlib.dll
27.07.2007 19:53 51.733 plugin1.dat
27.07.2007 16:40 133 imon1.dat
26.07.2007 12:38 549.584 FNTCACHE.DAT
25.07.2007 15:28 5.214 jupdate-1.6.0_02-b06.log
25.07.2007 10:37 219.648 uxtheme.dll
24.07.2007 21:23 230.454 webcam.bmp
22.07.2007 18:39 279.552 swreg.exe
22.07.2007 16:15 43.520 CmdLineExt03.dll
17.07.2007 21:00 2.764.854 screenshot.bmp
17.07.2007 20:09 1.522.905 msvb.exe
17.07.2007 20:01 15.015 screenshot.jpg
17.07.2007 20:01 71.168 ijl11.dll
17.07.2007 20:00 52.736 passview.dll
12.07.2007 18:18 50.520 csvidcap.dll
12.07.2007 14:43 21.840 SIntfNT.dll
12.07.2007 14:43 17.212 SIntf32.dll
12.07.2007 14:43 12.067 SIntf16.dll
12.07.2007 10:12 53.248 css.dll
12.07.2007 04:54 107.864 tsccvid.dll
12.07.2007 02:22 139.264 javaws.exe
12.07.2007 02:22 69.632 javacpl.cpl
12.07.2007 01:22 135.168 javaw.exe
12.07.2007 01:22 135.168 java.exe
11.07.2007 11:01 53.474 tcpmon.ini
02.07.2007 21:41 1.044.480 libdivx.dll
02.07.2007 21:41 200.704 ssldivx.dll
29.06.2007 02:01 240.240 wpcap.dll
29.06.2007 02:01 88.696 Packet.dll
29.06.2007 02:01 68.224 WanPacket.dll
29.06.2007 02:01 53.299 pthreadVC.dll
19.06.2007 14:58 4.254 jupdate-1.6.0_01-b06.log
18.06.2007 17:46 404.104 perfh009.dat
18.06.2007 17:46 63.324 perfc009.dat
18.06.2007 17:46 76.212 perfc007.dat
18.06.2007 17:46 419.300 perfh007.dat
18.06.2007 17:46 974.848 PerfStringBackup.INI
06.06.2007 08:38 15.747.032 MRT.exe
16.05.2007 17:11 683.520 inetcomm.dll
08.05.2007 10:59 5.326.848 mshtml.dll
25.04.2007 16:22 144.896 schannel.dll
25.04.2007 09:42 1.338.880 wininet.dll
25.04.2007 09:42 871.936 webcheck.dll
25.04.2007 09:42 1.560.064 urlmon.dll
25.04.2007 09:42 670.720 mstime.dll
25.04.2007 09:42 718.848 occache.dll
25.04.2007 09:42 196.096 url.dll
25.04.2007 09:42 193.024 msrating.dll
25.04.2007 09:42 477.696 mshtmled.dll
25.04.2007 09:41 459.264 msfeeds.dll
25.04.2007 09:41 52.224 msfeedsbs.dll
25.04.2007 09:41 27.648 jsproxy.dll
25.04.2007 09:41 3.206.656 inetcpl.cpl
25.04.2007 09:41 267.776 iertutil.dll
25.04.2007 09:41 6.058.496 ieframe.dll
25.04.2007 09:41 44.544 iernonce.dll
25.04.2007 09:41 384.512 iedkcs32.dll
25.04.2007 09:41 383.488 ieapfltr.dll
25.04.2007 09:41 124.928 advpack.dll
25.04.2007 09:41 132.608 extmgr.dll
25.04.2007 09:41 153.088 ieakeng.dll
25.04.2007 09:41 230.400 ieaksie.dll
24.04.2007 16:26 13.824 ieudinit.exe
24.04.2007 11:58 56.832 ie4uinit.exe
24.04.2007 11:32 1.485.696 LegitCheckControl.dll
24.04.2007 09:34 161.792 ieakui.dll
18.04.2007 18:13 2.854.400 msi.dll
17.04.2007 11:32 2.455.488 ieapfltr.dat
16.04.2007 22:47 33.624 wups.dll
16.04.2007 22:47 30.040 wuapi.dll.mui
16.04.2007 22:47 30.040 wuaucpl.cpl.mui
16.04.2007 22:45 1.710.936 wuaueng.dll
16.04.2007 22:45 549.720 wuapi.dll
16.04.2007 22:45 325.976 wucltui.dll
16.04.2007 22:45 216.408 wuaucpl.cpl
16.04.2007 22:45 203.096 wuweb.dll
16.04.2007 22:45 92.504 cdm.dll
16.04.2007 22:45 20.824 wuaueng.dll.mui
16.04.2007 22:45 53.080 wuauclt.exe
16.04.2007 22:45 43.352 wups2.dll
16.04.2007 22:44 34.136 wucltui.dll.mui
16.04.2007 17:53 1.058.304 kernel32.dll
02.04.2007 07:58 546.304 hhctrl.ocx
29.03.2007 04:42 29.704 uxtuneup.dll
20.03.2007 19:54 16.832 amcompat.tlb
20.03.2007 19:54 23.392 nscompat.tlb
17.03.2007 15:44 431.616 winsrv.dll
09.03.2007 13:51 270.336 xpsp3res.dll
08.03.2007 01:51 187.128 pxmas.dll
08.03.2007 01:51 72.440 pxhpinst.exe
08.03.2007 01:51 39.672 vxblock.dll
08.03.2007 01:51 510.712 pxdrv.dll
08.03.2007 01:51 64.760 pxinsa64.exe
08.03.2007 01:51 129.784 pxafs.dll
08.03.2007 01:51 64.760 pxcpya64.exe
08.03.2007 01:51 379.640 pxwave.dll
08.03.2007 01:51 547.576 px.dll
08.03.2007 01:51 1.628.920 pxsfs.dll
06.03.2007 21:05 520.192 ati2sgag.exe
02.03.2007 22:57 307.200 atiiiexx.dll
02.03.2007 22:54 307.200 ATIDEMGX.dll
02.03.2007 22:53 265.728 ati2dvag.dll
02.03.2007 22:47 118.784 atipdlxx.dll
02.03.2007 22:47 110.592 Oemdspif.dll
02.03.2007 22:47 26.112 Ati2mdxx.exe
02.03.2007 22:47 42.496 ati2edxx.dll
02.03.2007 22:47 110.592 ati2evxx.dll
02.03.2007 22:46 446.464 ati2evxx.exe
02.03.2007 22:45 53.248 ATIDDC.DLL
02.03.2007 22:38 2.824.512 ati3duag.dll
02.03.2007 22:29 1.288.960 ativvaxx.dll
02.03.2007 22:29 3.107.788 ativvaxx.dat
02.03.2007 22:21 5.398.528 atioglxx.dll
02.03.2007 22:17 258.048 atikvmag.dll
02.03.2007 22:16 17.408 atitvo32.dll
02.03.2007 22:11 348.160 ati2cqag.dll
28.02.2007 19:51 9.857 jupdate-1.5.0_11-b03.log
28.02.2007 18:02 2.138.624 ntoskrnl.exe
28.02.2007 18:02 2.018.304 ntkrnlpa.exe
26.02.2007 17:44 147.685 atiicdxx.dat
26.02.2007 04:01 122.142 TZLog.log
16.02.2007 20:04 7.072 atifglpf.xml
15.02.2007 19:01 337.280 WgaTray.exe
15.02.2007 19:00 236.928 WgaLogon.dll
08.02.2007 12:58 940.794 LoopyMusic.wav
08.02.2007 12:58 146.650 BuzzingBee.wav
05.02.2007 22:18 185.856 upnphost.dll
01.02.2007 12:39 90 spupdwxp.log
29.01.2007 10:58 60.416 tzchange.exe
19.01.2007 12:53 51.056 sirenacm.dll
10.01.2007 18:42 1.040.384 ieframe.dll.mui
08.01.2007 20:01 17.408 corpol.dll
28.12.2006 01:02 68.096 avmadd32.dll
28.12.2006 01:02 74.240 fwlanci.dll
19.12.2006 23:49 135.168 shsvcs.dll
19.12.2006 23:49 31.213.056 shell32.dll
19.12.2006 20:17 334.336 wiaservc.dll
19.12.2006 15:02 40.960 frapsvid.dll
04.12.2006 16:21 414.720 msscp.dll
01.12.2006 05:20 212.480 swxcacls.exe
29.11.2006 17:21 370.688 swsc.exe
27.11.2006 16:54 433.152 riched20.dll
27.11.2006 16:54 539.136 msftedit.dll
27.11.2006 02:34 49.152 vfind.exe
17.11.2006 19:53 12.288 advpack.dll.mui
17.11.2006 16:14 14.640 spmsg.dll
07.11.2006 22:03 191.488 iepeers.dll
07.11.2006 22:03 413.696 vbscript.dll
07.11.2006 22:03 156.160 msls31.dll
07.11.2006 22:03 180.736 ieui.dll
07.11.2006 04:26 71.680 admparse.dll
07.11.2006 04:26 55.296 iesetup.dll
07.11.2006 04:26 92.672 inseng.dll
07.11.2006 04:24 56.483 ieuinit.inf
04.11.2006 14:14 1.245.696 msxml4.dll
03.11.2006 11:02 10.070.528 wmploc.dll
03.11.2006 10:56 99.840 wmpshell.dll
03.11.2006 10:55 275.968 wmerror.dll
03.11.2006 10:54 8.192 asferror.dll
02.11.2006 12:51 43.008 wpdshextres.dll
01.11.2006 21:17 927.504 mfc40u.dll
23.10.2006 17:34 3.915.264 shdocvw.dll
23.10.2006 17:34 610.816 shlwapi.dll
23.10.2006 17:34 1.056.256 danim.dll
23.10.2006 17:34 152.064 cdfview.dll
23.10.2006 17:34 1.014.784 browseui.dll
20.10.2006 03:38 715.776 sxs.dll
18.10.2006 22:58 8.704 uwdf.exe
18.10.2006 22:58 8.704 wdfmgr.exe
18.10.2006 22:47 629.760 wpd_ci.dll
18.10.2006 22:47 4.096 WMVADVD.dll
18.10.2006 22:47 603.648 WMSPDMOD.dll
18.10.2006 22:47 1.329.152 WMSPDMOE.dll
18.10.2006 22:47 1.543.680 WMVDECOD.dll
18.10.2006 22:47 4.096 wmsdmoe2.dll
18.10.2006 22:47 4.096 wmvdmod.dll
18.10.2006 22:47 4.096 wmvdmoe2.dll
18.10.2006 22:47 1.574.912 WMVENCOD.dll
18.10.2006 22:47 2.450.944 wmvcore.dll
18.10.2006 22:47 1.382.912 WMVSDECD.dll
18.10.2006 22:47 356.352 wpdsp.dll
18.10.2006 22:47 767.488 WMVSENCD.dll
18.10.2006 22:47 133.632 WPDShServiceObj.dll
18.10.2006 22:47 656.896 WMVXENCD.dll
18.10.2006 22:47 4.096 wmsdmod.dll
18.10.2006 22:47 35.840 wpdconns.dll
18.10.2006 22:47 154.624 wpdmtp.dll
18.10.2006 22:47 2.450.944 SETD5.tmp
18.10.2006 22:47 4.096 WMVADVE.DLL
18.10.2006 22:47 63.488 wpdmtpus.dll
18.10.2006 22:47 2.603.008 WpdShext.dll
18.10.2006 22:47 242.688 wmpasf.dll
18.10.2006 22:47 10.834.432 wmp.dll
18.10.2006 22:47 937.984 wmnetmgr.dll
18.10.2006 22:47 348.672 wmdrmnet.dll
18.10.2006 22:47 314.880 wmpdxm.dll
18.10.2006 22:47 295.936 wmpeffects.dll
18.10.2006 22:47 1.661.440 wmpencen.dll
18.10.2006 22:47 613.376 wmpmde.dll
18.10.2006 22:47 157.184 wmidx.dll
18.10.2006 22:47 130.048 wmpps.dll
18.10.2006 22:47 204.288 wmpsrcwp.dll
18.10.2006 22:47 535.040 wmdrmsdk.dll
18.10.2006 22:47 937.984 SETCE.tmp
18.10.2006 22:47 211.456 qasf.dll
18.10.2006 22:47 429.056 wmdrmdev.dll
18.10.2006 22:47 37.376 wmdmps.dll
18.10.2006 22:47 33.792 wmdmlog.dll
18.10.2006 22:47 222.208 wmasf.dll
18.10.2006 22:47 1.117.696 WMADMOE.dll
18.10.2006 22:47 199.168 PortableDeviceWMDRM.dll
18.10.2006 22:47 132.096 PortableDeviceWiaCompat.dll
18.10.2006 22:47 757.248 WMADMOD.dll
18.10.2006 22:47 33.792 SETDF.tmp
18.10.2006 22:47 166.912 PortableDeviceTypes.dll
18.10.2006 22:47 222.208 SETC9.tmp
18.10.2006 22:47 284.160 PortableDeviceApi.dll
18.10.2006 22:47 4.096 wdfapi.dll
18.10.2006 22:47 101.888 PortableDeviceClassExtension.dll
18.10.2006 22:47 179.712 msnetobj.dll
18.10.2006 22:47 321.536 mswmdm.dll
18.10.2006 22:47 321.536 SETDE.tmp
18.10.2006 22:47 175.616 mspmsp.dll
18.10.2006 22:47 27.136 mspmsnsv.dll
18.10.2006 22:47 175.616 SETE3.tmp
18.10.2006 22:47 212.992 MFPLAT.dll
18.10.2006 22:47 11.264 LAPRXY.dll
18.10.2006 22:47 4.096 MPG4DMOD.dll
18.10.2006 22:47 259.072 MPG4DECD.dll
18.10.2006 22:47 317.440 MP4SDECD.dll
18.10.2006 22:47 4.096 MP4SDMOD.dll
18.10.2006 22:47 4.096 MP43DMOD.dll
18.10.2006 22:47 259.072 MP43DECD.dll
18.10.2006 22:47 542.720 blackbox.dll
18.10.2006 22:47 229.376 cewmdm.dll
18.10.2006 22:47 991.744 drmv2clt.dll
18.10.2006 22:47 276.992 audiodev.dll
18.10.2006 21:05 232.448 l3codecp.acm
18.10.2006 21:03 100.864 logagent.exe
18.10.2006 21:00 249.856 drmupgds.exe
18.10.2006 21:00 17.408 wpdshextautoplay.exe
17.10.2006 13:06 443.904 html.iec
17.10.2006 13:06 78.336 ieencode.dll
17.10.2006 13:05 206.336 WinFXDocObj.exe
17.10.2006 13:05 40.960 licmgr10.dll
17.10.2006 13:00 491.520 jscript.dll
17.10.2006 12:58 12.288 msfeedssync.exe
17.10.2006 12:58 61.952 icardie.dll
17.10.2006 12:58 44.544 pngfilt.dll
17.10.2006 12:58 346.624 dxtmsft.dll
17.10.2006 12:57 36.352 imgutil.dll
17.10.2006 12:57 214.528 dxtrans.dll
17.10.2006 12:56 45.568 mshta.exe
17.10.2006 12:55 66.560 tdc.ocx
17.10.2006 12:28 48.128 mshtmler.dll
17.10.2006 12:19 1.383.424 mshtml.tlb
16.10.2006 18:15 126.976 oledlg.dll
14.10.2006 10:13 981.760 mfc42u.dll
13.10.2006 14:35 64.000 nwapi32.dll
13.10.2006 14:35 65.536 nwwks.dll
13.10.2006 14:35 146.432 nwprovau.dll
02.10.2006 16:28 312.128 msdelta.dll
28.09.2006 21:13 95.344 WUDFCoinstaller.dll
28.09.2006 19:56 146.432 WudfHost.exe
28.09.2006 19:56 316.416 WUDFx.dll
28.09.2006 19:56 165.376 WudfPlatform.dll
28.09.2006 19:56 55.808 WudfSvc.dll
28.09.2006 06:16 806.912 divx_xx07.dll
28.09.2006 06:16 806.912 divx_xx0c.dll
28.09.2006 06:16 790.528 divx_xx11.dll
28.09.2006 06:16 634.974 DivX.dll
25.09.2006 18:58 23.856 spupdsvc.exe
23.09.2006 13:12 82.428 IE7Eula.rtf
13.09.2006 07:02 1.084.416 msxml3.dll
01.09.2006 08:44 1.988 ticrf.rat
01.09.2006 08:44 8.798 icrav03.rat
25.08.2006 17:46 617.472 comctl32.dll
25.08.2006 05:47 115.880 pxinsi64.exe
24.08.2006 14:19 246.814 strmdll.dll
24.08.2006 14:17 500.278 dxmasf.dll
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
18.08.2006 06:58 282.624 RTSndMgr.cpl
17.08.2006 14:28 332.288 netapi32.dll
17.08.2006 14:28 132.096 wkssvc.dll
17.08.2006 14:28 729.600 lsasrv.dll
16.08.2006 13:58 100.352 6to4svc.dll
11.08.2006 01:03 73.728 dpl100.dll
01.08.2006 15:02 49.152 ChCfg.exe
27.07.2006 19:28 3.596.288 qt-dx331.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:51 121.856 xmllite.dll
12.07.2006 01:40 4.276 divxsm.tlb
12.07.2006 01:40 520.192 DivXsm.exe
12.07.2006 01:40 10.863 dsm_ja.qm
12.07.2006 01:40 15.507 dsm_de.qm
12.07.2006 01:40 15.299 dsm_fr.qm
12.07.2006 00:53 704.512 divxdec.ax
12.07.2006 00:53 352.401 DivXMedia.ax
12.07.2006 00:33 12.288 DivXWMPExtType.dll
12.07.2006 00:33 118.784 DivXCodecUpdateChecker.exe
12.07.2006 00:32 8.523 dpude.qm
12.07.2006 00:32 3.136 dtu_de.qm
29.06.2006 09:05 23.552 normaliz.dll
29.06.2006 09:05 26.112 idndl.dll
28.06.2006 18:59 24.576 nlsdl.dll
26.06.2006 19:40 148.480 dnsapi.dll
26.06.2006 19:40 8.192 rasadhlp.dll
22.06.2006 12:47 181.248 rasmans.dll
22.06.2006 07:06 1.441.792 query.dll
22.06.2006 07:06 69.120 ciodm.dll
08.06.2006 13:06 60.294 normnfkd.nls
08.06.2006 13:06 45.794 normnfc.nls
08.06.2006 13:06 66.384 normnfkc.nls
08.06.2006 13:06 39.284 normnfd.nls
08.06.2006 13:06 59.342 normidna.nls
07.06.2006 10:46 6.684.672 atioglx1.dll
07.06.2006 10:38 290.816 ATIDEMGR.dll
01.06.2006 20:47 163.840 jgdw400.dll
01.06.2006 20:47 27.648 jgpl400.dll
19.05.2006 15:09 112.128 dhcpcsvc.dll
19.05.2006 15:09 95.744 iphlpapi.dll
13.04.2006 11:30 1.073.152 libmysql_c.dll
24.03.2006 06:37 49.152 wdigest.dll
17.03.2006 02:38 28.672 verclsid.exe
01.03.2006 21:43 91.136 mtxoci.dll
01.03.2006 21:43 426.496 msdtcprx.dll
01.03.2006 21:43 956.416 msdtctm.dll
01.03.2006 21:43 11.776 xolehlp.dll
01.03.2006 21:43 66.560 mtxclu.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
23.02.2006 02:00 33.792 avmcowlan.dll
22.02.2006 15:55 864.256 SPort.dll
24.01.2006 11:17 524.353 HCWTVWND.dll
10.01.2006 16:50 24.576 AsIO.dll
06.01.2006 23:17 544 hgezgc.ini
04.01.2006 05:35 68.096 webclnt.dll
29.12.2005 04:54 280.064 gdi32.dll
22.12.2005 11:54 229.432 hcwpnp32.dll
19.12.2005 16:51 69.632 hcwChMgr.deu
16.12.2005 16:38 94.264 hcwi2c32.dll
21.10.2005 00:25 1.094.144 esent.dll
17.10.2005 23:20 118.272 t2embed.dll
17.10.2005 23:20 80.896 fontsub.dll
06.10.2005 05:08 1.839.616 win32k.sys
03.10.2005 16:35 73.728 atiexdxx.dll
23.09.2005 07:28 32.768 netfxperf.dll
23.09.2005 07:28 270.848 mscoree.dll
23.09.2005 07:28 74.240 mscories.dll
23.09.2005 07:28 150.016 mscorier.dll
23.09.2005 07:28 83.456 dfshim.dll
21.09.2005 10:25 299.008 ALSndMgr.cpl
10.09.2005 03:54 2.067.968 cdosys.dll
01.09.2005 03:44 19.968 linkinfo.dll
30.08.2005 05:55 1.292.800 quartz.dll
23.08.2005 05:39 124.416 umpnpmgr.dll
22.08.2005 20:31 197.632 netman.dll
26.07.2005 06:39 101.376 txflog.dll
26.07.2005 06:39 37.888 olecnv32.dll
26.07.2005 06:39 74.752 olecli32.dll
26.07.2005 06:39 397.824 rpcss.dll
26.07.2005 06:39 1.285.120 ole32.dll
26.07.2005 06:39 243.200 es.dll
26.07.2005 06:39 540.160 comuid.dll
26.07.2005 06:39 1.267.200 comsvcs.dll
26.07.2005 06:39 60.416 colbact.dll
26.07.2005 06:39 97.792 comrepl.dll
26.07.2005 06:39 498.688 clbcatq.dll
26.07.2005 06:39 110.080 clbcatex.dll
26.07.2005 06:39 625.152 catsrvut.dll
26.07.2005 06:39 225.792 catsrv.dll
08.07.2005 18:28 249.344 tapisrv.dll
08.07.2005 18:28 76.800 remotesp.tsp
29.06.2005 03:49 74.240 mscms.dll
29.06.2005 03:49 254.976 icm32.dll
24.06.2005 20:39 5.120 ff_vfw.dll
20.06.2005 21:39 9.410.048 RTLCPL.exe
15.06.2005 19:49 295.936 kerberos.dll
11.06.2005 01:53 57.856 spoolsv.exe
11.06.2005 00:34 77.824 hcwTVDlg.deu
11.06.2005 00:34 65.536 hcwDlg.deu
11.06.2005 00:33 61.440 hcwChan.deu
27.05.2005 04:04 41.472 hhsetup.dll
27.05.2005 04:04 137.216 itss.dll
27.05.2005 04:04 155.136 itircl.dll
26.05.2005 05:16 198.424 iuengine.dll
26.05.2005 05:16 194.840 wuaueng1.dll
26.05.2005 05:16 174.872 wuauclt1.exe
11.05.2005 04:30 78.336 telnet.exe
04.05.2005 15:45 78.848 msiexec.exe
04.05.2005 15:45 271.360 msihnd.dll
04.05.2005 15:45 884.736 msimsg.dll
04.05.2005 15:45 15.360 msisip.dll
29.04.2005 16:14 139.324 hcwecp.ax
15.04.2005 18:58 1.071.088 MSCOMCTL.OCX
02.03.2005 20:09 578.560 user32.dll
02.03.2005 20:09 56.832 authz.dll
24.02.2005 18:56 547 ff_vfw.dll.manifest
21.02.2005 14:36 69.632 hcwsched.dll
08.02.2005 11:18 213.050 Hcwchan.dll
04.02.2005 13:37 131.072 hcwsched.ocx
28.01.2005 14:44 96.768 drmstor.dll
28.01.2005 14:44 331.776 wpdmtpdr.dll
28.01.2005 14:44 258.296 drmclien.dll
28.01.2005 14:44 10.752 wpdtrace.dll
15.01.2005 11:31 199.168 PhotomatixLib.dll
12.01.2005 15:29 69.696 CHSUITE.OCX
07.01.2005 18:07 61.952 HdAShCut.exe
07.01.2005 18:07 25.088 HdAProp.dll
07.01.2005 18:07 5.120 HdAudRes.dll
14.12.2004 13:19 53.248 pmexr.dll
07.12.2004 21:33 96.768 srvsvc.dll
17.11.2004 19:42 356.352 hypertrm.dll
20.09.2004 12:24 34.064 lhacm.acm
12.08.2004 13:33 321.024 pmtf2.dll
12.08.2004 12:50 140.800 pmjp.dll
04.08.2004 10:12 1.788 dcache.bin
04.08.2004 10:00 333.312 netsetup.exe
04.08.2004 09:58 87.176 rdpwsx.dll
04.08.2004 09:58 92.168 rdpdd.dll
04.08.2004 09:58 12.168 tsddd.dll
04.08.2004 09:58 146.944 winspool.drv
04.08.2004 09:58 29.696 hidphone.tsp
04.08.2004 09:58 207.360 unimdm.tsp
04.08.2004 09:58 266.240 h323.tsp
04.08.2004 09:58 17.408 ipconf.tsp
04.08.2004 09:58 57.344 ndptsp.tsp
04.08.2004 09:58 684.032 sstext3d.scr
04.08.2004 09:58 192.512 msh261.drv
04.08.2004 09:58 33.280 kmddsp.tsp
04.08.2004 09:58 610.304 sspipes.scr
04.08.2004 09:58 14.848 ssstars.scr
04.08.2004 09:58 393.216 ssflwbox.scr
04.08.2004 09:58 19.968 ssbezier.scr
04.08.2004 09:58 20.992 ssmarque.scr
04.08.2004 09:58 47.104 ssmypics.scr
04.08.2004 09:58 18.944 ssmyst.scr
04.08.2004 09:58 708.608 ss3dfo.scr
04.08.2004 09:58 53.248 vbicodec.ax
04.08.2004 09:58 56.832 msdvbnp.ax
04.08.2004 09:58 148.992 mpg2splt.ax
04.08.2004 09:58 118.272 mpeg2data.ax
04.08.2004 09:58 262.144 mpg4ds32.ax
04.08.2004 09:58 154.624 ivfsrc.ax
04.08.2004 09:58 258.048 wmvds32.ax
04.08.2004 09:58 30.720 vbisurf.ax
04.08.2004 09:58 69.632 msscds32.ax
04.08.2004 09:58 848.384 ir41_32.ax
04.08.2004 09:58 16.384 ipsink.ax
04.08.2004 09:58 199.680 iac25_32.ax
04.08.2004 09:58 239.616 wstrenderer.ax
04.08.2004 09:58 278.559 wmv8ds32.ax
04.08.2004 09:58 33.280 psisrndr.ax
04.08.2004 09:58 221.184 msadds32.ax
04.08.2004 09:58 164.352 wstpager.ax
04.08.2004 09:58 9.216 scrnsave.scr
04.08.2004 09:58 18.432 bdaplgin.ax
04.08.2004 09:58 3.124.224 logon.scr
04.08.2004 09:58 25.600 netsetup.cpl
04.08.2004 09:58 138.240 desk.cpl
04.08.2004 09:58 269.824 intl.cpl
04.08.2004 09:58 206.336 joy.cpl
04.08.2004 09:58 909.312 mmsys.cpl
04.08.2004 09:58 110.592 bthprops.cpl
04.08.2004 09:58 148.480 wscui.cpl
04.08.2004 09:58 70.656 access.cpl
04.08.2004 09:58 381.440 irprops.cpl
04.08.2004 09:58 32.768 odbccp32.cpl
04.08.2004 09:58 407.040 nusrmgr.cpl
04.08.2004 09:58 659.968 appwiz.cpl
04.08.2004 09:58 472.576 hdwwiz.cpl
04.08.2004 09:58 30.720 xcopy.exe
04.08.2004 09:58 382.976 powercfg.cpl
04.08.2004 09:58 230.912 timedate.cpl
04.08.2004 09:58 475.648 sysdm.cpl
04.08.2004 09:58 23.040 ativmvxx.ax
04.08.2004 09:58 9.728 ativdaxx.ax
04.08.2004 09:58 80.384 firewall.cpl
04.08.2004 09:58 13.824 wscntfy.exe
04.08.2004 09:58 32.256 wpnpinst.exe
04.08.2004 09:58 32.256 wpabaln.exe
04.08.2004 09:58 114.688 wscript.exe
04.08.2004 09:58 507.392 winlogon.exe
04.08.2004 09:58 5.632 winver.exe
04.08.2004 09:58 67.072 wextract.exe
04.08.2004 09:58 2.663.424 wiaacmgr.exe
04.08.2004 09:58 50.176 utilman.exe
04.08.2004 09:58 292.864 vssvc.exe
04.08.2004 09:58 25.088 userinit.exe
04.08.2004 09:58 18.432 ups.exe
04.08.2004 09:58 16.896 upnpcont.exe
04.08.2004 09:58 347.136 tourstart.exe
04.08.2004 09:58 80.384 tlntsess.exe
04.08.2004 09:58 75.264 tlntsvr.exe
04.08.2004 09:58 12.800 tracert.exe
04.08.2004 09:58 260.096 tracerpt.exe
04.08.2004 09:58 64.000 tlntadmn.exe
04.08.2004 09:58 14.336 svchost.exe
04.08.2004 09:58 753.152 sysocmgr.exe
04.08.2004 09:58 14.848 stimon.exe
04.08.2004 09:58 356.864 taskmgr.exe
04.08.2004 09:58 21.504 spupdwxp.exe
04.08.2004 09:58 539.136 spider.exe
04.08.2004 09:58 32.866 slrundll.exe
04.08.2004 09:58 73.796 slserv.exe
04.08.2004 09:58 94.208 smlogsvc.exe
04.08.2004 09:58 8.192 spdwnwxp.exe
04.08.2004 09:58 8.192 smbinst.exe
04.08.2004 09:58 50.688 smss.exe
04.08.2004 09:58 391.680 sndrec32.exe
04.08.2004 09:58 42.496 shmgrate.exe
04.08.2004 09:58 26.112 skeys.exe
04.08.2004 09:58 78.336 shrpubw.exe
04.08.2004 09:58 71.168 sigverif.exe
04.08.2004 09:58 20.992 shutdown.exe
04.08.2004 09:58 127.488 schtasks.exe
04.08.2004 09:58 108.544 services.exe
04.08.2004 09:58 142.848 sessmgr.exe
04.08.2004 09:58 19.456 secedit.exe
04.08.2004 09:58 32.768 sethc.exe
04.08.2004 09:58 23.040 setup.exe
04.08.2004 09:58 78.336 sdbinst.exe
04.08.2004 09:58 14.336 runonce.exe
04.08.2004 09:58 33.792 rundll32.exe
04.08.2004 09:58 78.848 rtcshare.exe
04.08.2004 09:58 99.840 scardsvr.exe
04.08.2004 09:58 13.312 savedump.exe
04.08.2004 09
30.07.2007, 11:43
Member
Chris4You

Posts: 694
#2 Hi,

yes, the following can be found:
possibly "golden eye":
C:\WINDOWS\system32\jpg.dl

This one is the SDBOT-XT worm:
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\system32\scvhost.exe

Please have the following checked online (to be safe, goldeneye as well):

C:\DOKUME~1\Tobias\ANWEND~1\OBJATO~1\REFMULTICORN.exe
C:\WINDOWS\system32\jpg.dll
C:\WINDOWS\system32\avguard32.exe

http://www.virustotal.com/flash/index_en.html
At the top of the page --> click "Browse" --> select the file (or paste in the file with its correct path right away) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
If one of the files is detected, add it to the Files section below...

Please switch off/uninstall the TeaTimer online protection; it does not get along with the actions that follow!

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick this)
copy into: View/edit script

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\Windows Update

Files to delete:
C:\WINDOWS\system32\scvhost.exe

Click the green traffic light
the script will now be executed, then the PC will restart automatically

HijackThis, fixing:
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {600BE137-52FA-43A9-ABD3-BD6E0865A364} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [Meine Bilder] C:\WINDOWS\system32\avguard32.exe

Counterspy:
scan and post the scan report (set everything to "remove" beforehand)
http://virus-protect.org/counterspy.html

chris
This post was edited by Chris4You on 30.07.2007 at 13:22.
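Several autostart entries in the ComboFix log in this thread point to file names that sit one or two characters away from a Windows system binary (scvhost.exe beside svchost.exe, for instance). The following Python code is an added example, not part of the original posts or of any tool named here: it parses such log entries and lists those near-miss names for review. The reference list `KNOWN`, the distance limits and all function names are assumptions of this example.

```python
import ntpath
import re
from collections import namedtuple

# Autostart entries copied from the ComboFix log posted in this thread (excerpt).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ 6.1 Beta]
C:\WINDOWS\system32\cltmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]
C:\WINDOWS\system32\scvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WoW Account Stealer]
C:\WINDOWS\system32\ntoskrnl32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CFE05E0A-D910-DDD3-B77D-C70C0E9C94BB}
C:\WINDOWS\system32\clfmon.exe
'''

# Assumption: reference names of Windows XP system binaries (not taken from the page).
# Extend it with the binaries of the security products installed on the machine.
KNOWN = ("svchost", "ctfmon", "ntoskrnl", "lsass", "winlogon",
         "services", "explorer", "spoolsv", "smss", "csrss")

Hit = namedtuple("Hit", "entry image path resembles distance")

def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def parse_autoruns(log):
    """Return (entry name, command line) pairs: a key line, then its command."""
    pairs, key = [], None
    for line in log.splitlines():
        line = line.strip()
        if line.lstrip("[").startswith("HKEY_"):
            key = line.strip("[]")
        elif line and key is not None:
            pairs.append((key.rsplit("\\", 1)[-1], line))
            key = None
    return pairs

def image_path(command):
    """Executable path of a command line: quoted, unquoted .exe, or bare word."""
    m = (re.match(r'"([^"]+)"', command)
         or re.match(r"(.+?\.exe)\b", command, re.I))
    return m.group(1) if m else command.split()[0]

def find_lookalikes(log):
    """List entries whose file name is close to, but not equal to, a known name."""
    hits = []
    for entry, command in parse_autoruns(log):
        path = image_path(command)
        image = ntpath.basename(path).lower()
        stem = ntpath.splitext(image)[0]
        if stem in KNOWN:
            continue  # exact name: nothing to report for this check
        for known in KNOWN:
            limit = 2 if len(known) >= 6 else 1  # short names collide easily
            d = osa_distance(stem, known)
            if 0 < d <= limit:
                hits.append(Hit(entry, image, path, known + ".exe", d))
                break
    return hits

if __name__ == "__main__":
    for h in find_lookalikes(SAMPLE_LOG):
        print(f"{h.entry!r}: {h.path} resembles {h.resembles} (distance {h.distance})")
```

A listed name is a lead for the online file check described in the reply, not a verdict; the check also says nothing about a correctly named file sitting in the wrong directory.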