Problem mit TR/PcHealth.1 und "vrmdtneg"

#1 moin moin, es geht im prinzip um folgendes thema:
http://board.protecus.de/t34007.htm

Ich hab alles so gemacht wie es gesagt wurde. ansich funktioniert wieder alles. allerdings hab ich jetzt ein problem. und zwar bleibt mein Desktophintergrund schwarz, egal was ich mache. Ich kann egal auf welche art und weise kein Hintergrundbild einstellen. Wenn ich über Anzeigeeigenschaften eins aussuche zeigt er es mir auch nicht richtig an bzw gar nicht. (siehe Anhang)
Außerdem bekomme ich beim öffnen eines Ordners auch keine Miniaturansichten angezeigt bis ich die Ansichten alle einmal duchgeschaltet habe. Ich denke das hängt zusammen.

Danke im vorraus

MfG Andi

#2 Hallo, chiefyeoman

wende smitfraudfix an + poste hier den report von Option 2
http://virus-protect.org/artikel/tools/smitfrautfix.html

dann wende Combofix an , klicke die Warnmeldung weg + poste den Report hier
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Moin,

smitfraudfix hab ich angewendet, hat aber im bezug auf dn desktophintergrund nichts gebracht.

hier das log

SmitFraudFix v2.328

Scan done at 15:24:32.10, 2008-07-01
Run from C:\Users\Andi\Desktop\Progïs\Antivirenkram\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{87CF0212-CDDB-46DF-8FD8-24E9956A5605}: NameServer=212.23.97.2 212.23.97.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{87CF0212-CDDB-46DF-8FD8-24E9956A5605}: NameServer=212.23.97.2 212.23.97.3


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


-----------------------------------------------------------------
Und hier das COMBOFIX Log



ComboFix 08-06-20.4 - Andi 2008-07-01 16:22:00.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1200 [GMT 2:00]
ausgeführt von:: C:\Users\Andi\Desktop\ComboFix.exe
.

((((((((((((((((((((((( Dateien erstellt von 2008-06-01 bis 2008-07-01 ))))))))))))))))))))))))))))))
.

2008-07-01 15:21 . 2008-07-01 15:24 4,314 --a------ C:\Windows\System32\tmp.reg
2008-07-01 14:53 . 2008-07-01 14:53 <DIR> d-------- C:\Windows\TweakVI
2008-07-01 14:53 . 2008-07-01 14:53 <DIR> d-------- C:\Program Files\TweakVI
2008-06-30 22:48 . 2008-06-30 22:48 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-06-30 22:40 . 2008-06-30 22:40 472,576 --a------ C:\Windows\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2008-06-25 20:43 . 2008-06-25 20:44 <DIR> d-------- C:\Program Files\DivX
2008-06-25 20:42 . 2007-04-18 17:30 473,728 --a------ C:\Windows\System32\drivers\mod7700.sys
2008-06-25 20:42 . 2006-06-29 17:49 53,248 --a------ C:\Windows\System32\ModrcCoInstall.dll
2008-06-25 20:42 . 2007-02-06 12:10 13,440 --a------ C:\Windows\System32\drivers\modrc.sys
2008-06-25 20:33 . 1998-11-02 20:57 196,096 --------- C:\Windows\System32\MACD32.DLL
2008-06-25 20:33 . 1998-11-02 20:57 138,752 --------- C:\Windows\System32\MASE32.DLL
2008-06-25 20:33 . 1998-11-02 20:57 136,192 --------- C:\Windows\System32\MAMC32.DLL
2008-06-25 20:33 . 1998-11-02 20:57 57,856 --------- C:\Windows\System32\MASD32.DLL
2008-06-25 20:33 . 1998-11-02 20:57 27,648 --------- C:\Windows\System32\MA32.DLL
2008-06-25 20:24 . 2003-03-19 06:28 2,179,072 --------- C:\Windows\System32\mfc71d.dll
2008-06-25 20:24 . 2002-01-05 21:16 737,280 --------- C:\Windows\System32\msvcp70d.dll
2008-06-25 20:24 . 2002-01-05 21:16 536,576 --------- C:\Windows\System32\msvcr70d.dll
2008-06-25 20:24 . 2004-07-23 09:00 446,464 --------- C:\Windows\System32\HHActiveX.dll
2008-06-25 20:24 . 2004-06-03 12:47 385,100 --------- C:\Windows\System32\MSVCRTD.DLL
2008-06-25 20:23 . 2008-06-25 20:23 <DIR> d-------- C:\Program Files\Pinnacle
2008-06-25 20:23 . 2006-12-01 23:54 626,688 --------- C:\Windows\System32\msvcr80.dll
2008-06-25 20:23 . 2006-12-01 23:54 548,864 --------- C:\Windows\System32\msvcp80.dll
2008-06-25 20:23 . 2002-01-05 13:40 487,424 --------- C:\Windows\System32\MSVCP70.DLL
2008-06-25 20:23 . 2002-01-05 13:37 344,064 --------- C:\Windows\System32\MSVCR70.DLL
2008-06-25 20:22 . 2008-06-25 20:53 <DIR> d-------- C:\ProgramData\Pinnacle
2008-06-25 16:05 . 2008-06-27 09:02 250 --a------ C:\Windows\gmer.ini
2008-06-24 21:22 . 2008-06-24 01:11 <DIR> d-------- C:\SDFix
2008-06-24 12:04 . 2008-06-24 12:04 <DIR> d-------- C:\_OTMoveIt
2008-06-23 22:53 . 2008-07-01 16:21 <DIR> d-------- C:\327882R2FWJFW
2008-06-23 22:42 . 2008-06-23 22:56 336,870,426 --a------ C:\Windows\MEMORY.DMP
2008-06-23 22:10 . 2008-06-23 22:10 <DIR> d-------- C:\Users\Andi\AppData\Roaming\Malwarebytes
2008-06-23 22:09 . 2008-06-23 22:09 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-06-23 22:09 . 2008-06-23 22:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 22:09 . 2008-06-19 17:48 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-23 22:09 . 2008-06-19 17:47 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-12 22:20 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-12 22:20 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-12 22:20 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-12 22:20 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-12 22:20 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-12 22:20 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-12 22:12 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-12 22:12 . 2008-04-29 03:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-06-12 22:12 . 2008-04-29 05:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-06-12 22:12 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-12 22:12 . 2008-04-29 03:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 14:15 --------- d-----w C:\Users\Andi\AppData\Roaming\UseNeXT
2008-07-01 11:35 --------- d-----w C:\Users\Andi\AppData\Roaming\dvdcss
2008-06-30 23:13 --------- d-----w C:\ProgramData\Google Updater
2008-06-30 19:50 --------- d-----w C:\Program Files\Google
2008-06-30 19:27 --------- d-----w C:\Program Files\Java
2008-06-30 17:36 27,240 ----a-w C:\Users\Andi\AppData\Roaming\nvModes.dat
2008-06-25 18:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 01:06 --------- d-----w C:\Program Files\Windows Mail
2008-05-20 05:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-15 15:49 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-15 05:11 174 --sha-w C:\Program Files\desktop.ini
2008-05-15 05:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-15 05:01 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-15 05:01 --------- d-----w C:\Program Files\Windows Journal
2008-05-15 05:01 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-15 05:01 --------- d-----w C:\Program Files\Windows Calendar
2008-05-15 05:00 --------- d-----w C:\Program Files\Windows Defender
2008-05-14 13:18 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-07 18:02 --------- d-----w C:\Program Files\ASUS
2008-05-05 18:05 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-05 18:03 --------- d-----w C:\Users\Andi\AppData\Roaming\InstallShield
2008-02-20 11:11 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-20 11:11 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-20 11:11 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-10-25 20:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007102520071026\index.dat
2007-10-29 20:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007102920071030\index.dat
2008-01-22 13:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012220080123\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_19.22.14,69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 00:28:21 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-01 14:17:03 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-25 14:04:54 884,736 ----a-w C:\Windows\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\Windows\gmer.exe
- 2008-06-13 01:06:46 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-06-30 21:25:59 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-06-13 01:06:45 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-06-30 21:25:50 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-06-13 01:06:45 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-06-30 21:25:59 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-06-25 18:27:14 32,768 ----a-r C:\Windows\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
- 2008-06-13 01:09:15 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-01 14:17:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-13 01:09:15 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-01 14:17:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-13 01:11:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-01 14:18:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-01 14:18:53 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-13 01:11:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-01 14:18:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-01 14:18:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-13 04:27:06 45,056 ----a-w C:\Windows\System32\acovcnt.exe
+ 2008-06-30 21:27:57 45,056 ----a-w C:\Windows\System32\acovcnt.exe
- 2003-03-18 18:04:59 89,088 ----a-w C:\Windows\System32\atl71.dll
+ 2003-03-19 04:05:48 89,088 ------w C:\Windows\System32\atl71.dll
- 2008-06-23 14:32:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-01 13:15:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-23 14:32:13 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-01 13:15:26 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-23 14:32:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-01 13:15:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-03 14:20:13 20,480 ----a-w C:\Windows\System32\CPUINFO2.DLL
+ 2006-06-19 17:59:46 619,156 ----a-w C:\Windows\System32\DivX.dll
+ 2006-06-19 17:59:47 778,240 ----a-w C:\Windows\System32\divx_xx07.dll
+ 2006-06-19 17:59:46 778,240 ----a-w C:\Windows\System32\divx_xx0c.dll
+ 2006-06-19 17:59:46 761,856 ----a-w C:\Windows\System32\divx_xx11.dll
+ 2006-06-19 18:12:48 118,784 ----a-w C:\Windows\System32\DivXCodecUpdateChecker.exe
+ 2006-06-19 18:00:32 536,576 ----a-w C:\Windows\System32\DivXsm.exe
+ 2006-06-19 18:12:31 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
+ 2006-06-19 17:55:34 86,016 ----a-w C:\Windows\System32\dpl100.dll
+ 2006-06-19 17:55:34 294,912 ----a-w C:\Windows\System32\dpu10.dll
+ 2006-06-19 17:55:34 294,912 ----a-w C:\Windows\System32\dpu11.dll
+ 2006-06-19 17:55:35 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
+ 2006-06-19 17:55:34 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
+ 2006-06-19 17:55:34 344,064 ----a-w C:\Windows\System32\dpus11.dll
+ 2006-06-19 17:55:34 57,344 ----a-w C:\Windows\System32\dpv11.dll
+ 2008-06-25 14:04:55 85,969 ----a-w C:\Windows\System32\drivers\gmer.sys
- 2006-11-02 08:53:56 26,112 ----a-w C:\Windows\System32\drivers\vgapnp.sys
+ 2008-01-19 05:52:06 26,112 ----a-w C:\Windows\System32\drivers\vgapnp.sys
+ 2006-10-26 20:28:00 283,648 ----a-w C:\Windows\System32\DriverStore\FileRepository\af15bda.inf_a6f383a0\AF15BDA.sys
+ 2006-04-06 13:11:48 122,368 ----a-w C:\Windows\System32\DriverStore\FileRepository\microtv.inf_b69f9fd1\MicroTV.sys
+ 2007-03-22 09:11:00 14,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv310cav.inf_8c7a2b46\x86\AVSim.sys
+ 2007-03-22 09:11:30 212,096 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv310ctv.inf_3da504c4\x86\OmniTV.sys
+ 2007-03-22 09:11:02 9,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv310ctv.inf_3da504c4\x86\SimCoInstDev.dll
+ 2007-03-02 08:37:54 373,888 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv320cx.inf_a2ee5007\Ltn_hyd7700pc.sys
+ 2006-12-27 15:32:24 11,520 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv320cxir.inf_2d82cc35\Ltn_rc.sys
+ 2007-01-25 17:21:54 53,248 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv320cxir.inf_2d82cc35\ModrcCoInstall.dll
+ 2006-09-04 07:29:38 330,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv4xxe.inf_3ffbb3c4\pctv4XXe.sys
+ 2006-09-04 07:29:38 49,152 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv4xxe.inf_3ffbb3c4\UsbCoInstaller.dll
+ 2003-02-27 08:07:20 3,072 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv713xi.inf_1f75d240\34CoInstaller.dll
+ 2006-11-22 07:53:02 1,121,536 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv713xi.inf_1f75d240\3xHybrid.sys
+ 2006-03-07 17:58:00 3,072 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv716x.inf_38c010dc\716xCoInstaller.dll
+ 2006-10-26 09:55:38 1,053,952 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctv716x.inf_38c010dc\PhilCap.sys
+ 2007-04-18 15:30:20 473,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctvdib.inf_e74c24b1\mod7700.sys
+ 2007-02-06 10:10:58 13,440 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctvdibir.inf_6114dbd8\modrc.sys
+ 2006-06-29 15:49:54 53,248 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctvdibir.inf_6114dbd8\ModrcCoInstall.dll
+ 2007-01-12 15:55:24 22,912 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctvempa.inf_04079692\emAudio.sys
+ 2007-01-29 19:20:04 361,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctvempv.inf_55242ca7\emBDA.sys
+ 2006-12-15 14:54:30 61,440 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctvempv.inf_55242ca7\emMON.exe
+ 2007-01-29 19:19:48 39,680 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctvempv.inf_55242ca7\emOEM.sys
+ 2006-11-15 15:50:00 81,920 ----a-w C:\Windows\System32\DriverStore\FileRepository\pctvempv.inf_55242ca7\PCLECoInst.dll
+ 2006-08-16 12:39:20 124,544 ----a-w C:\Windows\System32\DriverStore\FileRepository\royalts.inf_d62fbcac\RoyalTS.sys
+ 2006-03-31 09:05:56 129,920 ----a-w C:\Windows\System32\DriverStore\FileRepository\stargate.inf_02322a17\Stargate.sys
+ 2006-06-19 17:55:34 200,704 ----a-w C:\Windows\System32\dtu100.dll
- 2008-05-15 05:06:29 1,714,344 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-06-25 18:49:54 1,714,456 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2007-09-24 21:30:28 135,168 ----a-w C:\Windows\System32\java.exe
+ 2008-02-21 23:23:35 135,168 ----a-w C:\Windows\System32\java.exe
- 2007-09-24 21:30:30 135,168 ----a-w C:\Windows\System32\javaw.exe
+ 2008-02-21 23:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
- 2007-09-24 22:31:42 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-02-22 00:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2006-06-19 17:58:43 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
- 2003-03-18 20:11:59 1,047,552 ----a-w C:\Windows\System32\mfc71u.dll
+ 2003-03-19 06:12:12 1,047,552 ------w C:\Windows\System32\MFC71u.dll
- 2008-06-19 16:08:05 137,776 ----a-w C:\Windows\System32\perfc007.dat
+ 2008-07-01 14:25:23 137,776 ----a-w C:\Windows\System32\perfc007.dat
- 2008-06-19 16:08:05 113,820 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-01 14:25:23 113,820 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-19 16:08:05 668,180 ----a-w C:\Windows\System32\perfh007.dat
+ 2008-07-01 14:25:23 668,180 ----a-w C:\Windows\System32\perfh007.dat
- 2008-06-19 16:08:05 627,144 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-01 14:25:23 627,144 ----a-w C:\Windows\System32\perfh009.dat
+ 2006-06-19 17:59:06 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
- 2008-06-13 01:19:56 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-06-25 18:47:31 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-06-19 17:58:43 200,704 ----a-w C:\Windows\System32\ssldivx.dll
- 2003-01-26 10:41:24 40,960 ----a-w C:\Windows\System32\SSubTmr6.dll
+ 2008-04-03 14:20:14 37,888 ----a-w C:\Windows\System32\SSubTmr6.dll
- 2008-06-10 18:07:20 7,158 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1298148152-630522416-564056814-1000_UserData.bin
+ 2008-07-01 14:19:00 7,594 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1298148152-630522416-564056814-1000_UserData.bin
- 2008-06-10 18:07:19 113,152 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-01 14:19:00 117,346 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-10 18:07:19 46,588 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-01 14:18:57 48,418 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-06-01 18:55:20 120,836 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-06-25 18:20:57 179,428 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-06-23 00:28:29 323,302 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-06-29 18:29:50 333,232 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-07-01 12:53:31 473,600 ----a-w C:\Windows\TweakVI\uninstall.exe
- 2008-06-12 20:25:44 129,428,881 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-06-25 12:13:39 129,472,889 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40332C0D-97E4-40A9-9C4C-FDF052DF8DDF}]
C:\Windows\system32\iprop32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EDC0625-1B0F-467C-9889-817C3DE3D37C}"= "C:\Windows\vrmdtneg.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{1edc0625-1b0f-467c-9889-817c3de3d37c}]
[HKEY_CLASSES_ROOT\vrmdtneg.1]
[HKEY_CLASSES_ROOT\TypeLib\{688779DC-6990-4B13-BD7C-DC75BAD3A49E}]
[HKEY_CLASSES_ROOT\vrmdtneg]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"DAEMON Tools"="D:\Programme\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"HuaWeiEVDO.exe"="C:\Program Files\BASE&E-PLUS\UMTS USB Modem Manager\UMTS USB Modem Manager.exe" [2007-11-06 10:09 921600]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"ICQ"="D:\Programme\ICQ\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2007-08-03 12:25 813624]
"PMCRemote"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 15:47 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 22:37 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-24 04:04 4423680 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 10:31 630784]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 23:36 36864]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-12 18:22 155648]
"ChkMail"="C:\Program Files\ChkMail\ChkMail\ChkMail.exe" [2007-03-21 02:12 741376]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-16 00:17 778240]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-05-25 09:59 33136]
"DirectMessenger"="C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-02-02 04:58 987648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-02 11:22 56080 C:\Windows\KHALMNPR.Exe]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 15:43 262401]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 09:21 648072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-22 22:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-22 22:35 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-22 22:35 81920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-17 15:47:16 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AA03C55C-E14D-4E73-AEF9-74F37CE6462E}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D12CEEE3-9369-4B79-B81A-12D38CD2F53A}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"{CAFF4A79-9F9B-4649-8047-D84F84CD3CF1}"= UDP:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{E7EDC347-4A79-4660-A7F5-8FA2106CF852}"= TCP:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{275DE047-66F8-4601-A4BC-8D135FBB7233}"= UDP:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{D41357DF-73B6-49E3-84FE-50D0EFD8E717}"= TCP:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{8C25FC16-2D34-472B-B9E5-1433794DF506}"= TCP:5739es6
"TCP Query User{ABB33150-3B9D-4675-B437-2116A3AAEF14}D:\\spiele\\pes6\\pes6.exe"= UDP:\spiele\pes6\pes6.exees6.exe
"UDP Query User{5EC78FBA-1026-4C2D-8833-F7421C9B6A79}D:\\spiele\\pes6\\pes6.exe"= TCP:\spiele\pes6\pes6.exees6.exe
"{40735C6E-6966-4488-8850-5516B88AA290}"= UDP:\Programme\Alcohol 120\Alcohol.exe:Alcohol 120%
"{D904D988-F0EA-45BC-A0AC-94C8C194674E}"= TCP:\Programme\Alcohol 120\Alcohol.exe:Alcohol 120%
"TCP Query User{0C83F0B7-22E4-4C5D-81F0-58BFCBF96A35}D:\\spiele\\medal of honor - pacific assualt\\mohpa.exe"= UDP:\spiele\medal of honor - pacific assualt\mohpa.exe:Medal of Honor Pacific Assault(tm)
"UDP Query User{CE544E5A-FD70-40B8-B555-0A4D8B30FBB1}D:\\spiele\\medal of honor - pacific assualt\\mohpa.exe"= TCP:\spiele\medal of honor - pacific assualt\mohpa.exe:Medal of Honor Pacific Assault(tm)
"TCP Query User{6B6F3A4E-6C72-46C9-A754-FE8436953052}D:\\spiele\\pes6\\pes6.exe"= UDP:\spiele\pes6\pes6.exees6.exe
"UDP Query User{FB989B01-0102-47EB-827F-F1985A41D2AA}D:\\spiele\\pes6\\pes6.exe"= TCP:\spiele\pes6\pes6.exees6.exe
"TCP Query User{ECE7E1D2-B984-488E-8EC9-8305A986FC2F}D:\\programme\\soulseek\\slsk.exe"= UDP:\programme\soulseek\slsk.exe:SoulSeek
"UDP Query User{DEE44272-49B4-4CF3-B31F-174AB30CB027}D:\\programme\\soulseek\\slsk.exe"= TCP:\programme\soulseek\slsk.exe:SoulSeek
"TCP Query User{87F03BA9-0685-4E5B-BDA7-192BEEC83846}D:\\programme\\icq\\icq.exe"= UDP:\programme\icq\icq.exe:ICQ Library
"UDP Query User{B37DF1E7-A3EC-45E1-B884-6D0C16B32299}D:\\programme\\icq\\icq.exe"= TCP:\programme\icq\icq.exe:ICQ Library
"{2953F8FF-47DD-4EE2-8876-FBC918013F45}"= UDP:\Spiele\Battlefield 2\BF2.exe:Battlefield 2
"{637F79C4-63AB-4AC7-89E5-EE626CDE66DE}"= TCP:\Spiele\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{710CEF32-9C0A-4BF0-BCEF-C698DD19C3B8}D:\\spiele\\fear\\fpupdate.exe"= UDP:\spiele\fear\fpupdate.exe:fpupdate
"UDP Query User{A66EE33E-39C4-4A1E-9901-84D7052E3C34}D:\\spiele\\fear\\fpupdate.exe"= TCP:\spiele\fear\fpupdate.exe:fpupdate
"TCP Query User{2A093B39-F953-411B-90C4-2CCCCBB6FA07}D:\\programme\\icq\\icq.exe"= UDP:\programme\icq\icq.exe:ICQ Library
"UDP Query User{16984466-4ECC-4AD1-8E02-7C9C0AA103DD}D:\\programme\\icq\\icq.exe"= TCP:\programme\icq\icq.exe:ICQ Library
"{7128FAC7-2982-4D1E-ACA9-6D2B2B233DAA}"= UDP:C:\Program Files\Ubisoft\DIE SIEDLER - Aufstieg eines Königreichs\base\bin\Settlers6.exeIE SIEDLER - Aufstieg eines Königreichs
"{DA8FC837-2F8A-482D-A85D-CC43417AE8E6}"= TCP:C:\Program Files\Ubisoft\DIE SIEDLER - Aufstieg eines Königreichs\base\bin\Settlers6.exeIE SIEDLER - Aufstieg eines Königreichs
"{9041F405-1059-4D2B-92D5-29FA829C72E7}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{D8E56819-EDB3-4F83-85DF-5A797D598BE7}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{DD6E98F0-0EF5-4EE1-BDFD-AE71AA7DC9DA}"= UDP:\Spiele\PES 2008\PES2008.exero Evolution Soccer 2008
"{35D3D561-5E95-4BE0-BEDA-284EB1E3EDC7}"= TCP:\Spiele\PES 2008\PES2008.exero Evolution Soccer 2008
"{5F367B04-5652-44F4-BA2F-F1D479260719}"= UDP:\Spiele\PES 2008\PES2008.exero Evolution Soccer 2008
"{5C9F4813-323B-476F-81D6-954E2E5B7F7A}"= TCP:\Spiele\PES 2008\PES2008.exero Evolution Soccer 2008
"{51A3FE3D-5A74-49BC-9CCE-1BC8DA9D26C8}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{1BD9D1BD-1732-4E1A-B5B9-AB68425EAC2B}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{30D94225-BEB8-490F-A106-9556626961AD}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"{309965A4-87D5-43C6-A1C4-26365811E230}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{EF08F08C-FD60-4FCF-A6F6-FF83B37F8B66}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{FFB91984-A534-4CC2-9D8B-74F53538CAEE}D:\\programme\\mirc\\mirc.exe"= UDP:\programme\mirc\mirc.exe:mIRC
"UDP Query User{515B19AD-937A-4274-A347-C6579EAA7E81}D:\\programme\\mirc\\mirc.exe"= TCP:\programme\mirc\mirc.exe:mIRC
"TCP Query User{BC12EC2B-B6E2-4B81-8F7F-B25E84864437}C:\\program files\\java\\jre1.6.0_03\\bin\\java.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{0D057336-DD73-4172-878A-83489BAA18A7}C:\\program files\\java\\jre1.6.0_03\\bin\\java.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{7AECE51E-F6A3-4384-A678-3E932EAC44CD}C:\\program files\\base&e-plus\\umts usb modem manager\\umts usb modem manager.exe"= UDP:C:\program files\base&e-plus\umts usb modem manager\umts usb modem manager.exe:UMTS USB Modem Manager
"UDP Query User{C91F91C6-D09E-49D4-AF89-827125D20C3C}C:\\program files\\base&e-plus\\umts usb modem manager\\umts usb modem manager.exe"= TCP:C:\program files\base&e-plus\umts usb modem manager\umts usb modem manager.exe:UMTS USB Modem Manager

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 23:41]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2006-11-25 00:38]
R3 Ltn_hyd7700pc;TV tuner device ;C:\Windows\system32\Drivers\Ltn_hyd7700pc.sys [2007-04-17 02:44]
S3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 12:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0517e78d-65c8-11dc-8bfd-001bfc59296d}]
\shell\AutoRun\command - I:\EXPLORER.EXE
\shell\explore\Command - I:\EXPLORER.EXE
\shell\open\Command - I:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e6cb5e4-853a-11dc-94fc-001bfc59296d}]
\shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{330ff992-85b2-11dc-9d7c-001bfc59296d}]
\shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{330ff9a2-85b2-11dc-9d7c-001bfc59296d}]
\shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594fbb34-1ba6-11dd-b658-001bfc59296d}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594fbb5a-1ba6-11dd-b658-001bfc59296d}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b58b497-8715-11dc-a332-001bfc59296d}]
\shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b58b498-8715-11dc-a332-001bfc59296d}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9838d884-c9de-11dc-aa30-001bfc59296d}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9838d8aa-c9de-11dc-aa30-001bfc59296d}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9838d8bd-c9de-11dc-aa30-001bfc59296d}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9838d8be-c9de-11dc-aa30-001bfc59296d}]
\shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b74663b6-2264-11dd-b320-94ce24c6f710}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baad51cb-80d0-11dc-9f72-028037050300}]
\shell\AutoRun\command - K:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baad51e5-80d0-11dc-9f72-028037050300}]
\shell\AutoRun\command - K:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e84b061a-84a4-11dc-812d-001bfc59296d}]
\shell\AutoRun\command - J:\AutoRun.exe

*Newly Created Service* - ALSYSIO
.
Inhalt des "geplante Tasks" Ordners
"2008-07-01 11:54:18 C:\Windows\Tasks\User_Feed_Synchronization-{E8930B4F-593D-4C8C-93BE-20784F7F9275}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 16:26:22
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


C:\ADSM_PData_0150

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\ASUS\ASUS Direct Console\MSNHOOK.DLL
.
Zeit der Fertigstellung: 2008-07-01 16:28:58
ComboFix-quarantined-files.txt 2008-07-01 14:28:50
ComboFix2.txt 2008-06-23 17:22:54

15 Verzeichnis(se), 21,555,032,064 Bytes frei
21 Verzeichnis(se), 21,642,321,920 Bytes frei

374 --- E O F --- 2008-06-27 06:07:05



und nu?? :-)




oh........nach einem erneuten neustart nach combofix gehts jetzt wieder.....hintergrundbild geht und die miniaturansichten werden auch angezeigt.

SAUBER!!! Ich danke schonmal vielmals....

Könntest du mir vielleicht sagen welche reg einträge das waren die sich auf die wallpapers beziehen????

MfG Andi

#4 Hallo,

denke, es war der Eintrag hier:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage

---------------------------------

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern

Zitat

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40332C0D-97E4-40A9-9C4C-FDF052DF8DDF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EDC0625-1B0F-467C-9889-817C3DE3D37C}"=-
[-HKEY_CLASSES_ROOT\clsid\{1edc0625-1b0f-467c-9889-817c3de3d37c}]
[-HKEY_CLASSES_ROOT\vrmdtneg.1]
[-HKEY_CLASSES_ROOT\TypeLib\{688779DC-6990-4B13-BD7C-DC75BAD3A49E}]
[-HKEY_CLASSES_ROOT\vrmdtneg]

File::
C:\Windows\system32\iprop32.dll

Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.

cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen



danach: Combofix noch einmal anwenden
__________
MfG Sabina

rund um die PC-Sicherheit

#5 das hat nicht so ganz geklappt, hab einen bluescreen bekommen....ich hab aber die reg einträge per hand gelöscht. c:\windows\system32\iprop32.dll gibt es nicht bzw nur ohne die 32. soll ich die trotzdem löschen??

#6 ««
loesche mit OTMoveIt
http://virus-protect.org/artikel/tools/otmoveIt.html
Kopiere rein: im linken Fenster ,wo steht: Paste List of Files/Folders to Move

Zitat

C:\327882R2FWJFW
C:\Windows\system32\iprop32.dll

Klicke auf den Roten MoveIt!

««
dann erstelle ein neues script cfscript.txt (genau nach anleitung) fuer combofix + anwenden

Zitat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40332C0D-97E4-40A9-9C4C-FDF052DF8DDF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EDC0625-1B0F-467C-9889-817C3DE3D37C}"=-
[-HKEY_CLASSES_ROOT\clsid\{1edc0625-1b0f-467c-9889-817c3de3d37c}]
[-HKEY_CLASSES_ROOT\vrmdtneg.1]
[-HKEY_CLASSES_ROOT\TypeLib\{688779DC-6990-4B13-BD7C-DC75BAD3A49E}]
[-HKEY_CLASSES_ROOT\vrmdtneg]

««
berichte, wie es gelaufen ist.....
__________
MfG Sabina

rund um die PC-Sicherheit