TR/Vundo.gen Trojaner

#1 Ich habe den Trojaner bitter hilft mir den zu löschen!

Logfile of HijackThis v1.99.1
Scan saved at 22:34:21, on 30.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\r2 Studios\HideOutlook\HideOutlook.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\SEC\Natural Color Pro\NCProTray.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programme\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
D:\Downloaded Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HideOutlook] "C:\Programme\r2 Studios\HideOutlook\HideOutlook.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BM1748272b] Rundll32.exe "C:\WINDOWS\system32\xiuvtcsp.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [HyperIM] C:\Programme\HyperIM\HyperIM.exe -min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = C:\Programme\SEC\Natural Color Pro\NCProTray.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {64D01C7F-810D-446E-A07E-456746835644} (AtlBoxWordCtlAttrib Class) - http://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--691a149e-d11f-4445-ba8e-f0a9759a048a/online/abc_island/en/abcisland.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira AntiVir Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programme\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programme\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

#2 Hallo HBG

>>
entferne mit cleaner alle temporären Dateien
http://www.ccleaner.de/?protecus.de

>>
Scanne mit Malwarebytes und poste das Log
http://virus-protect.org/artikel/tools/malwarebytes.html

>>
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked.
sofern noch vorhanden.........

Zitat

O4 - HKLM\..\Run: [BM1748272b] Rundll32.exe "C:\WINDOWS\system32\xiuvtcsp.dll",s

>>
lade combofix, klicke die Warnmeldung weg + poste den report
http://virus-protect.org/artikel/tools/combofix.html


Gruss Swiss

#3 Hi Tonstudio!

Danke für die schnelle Hilfe.

O4 - HKLM\..\Run: [BM1748272b] Rundll32.exe "C:\WINDOWS\system32\xiuvtcsp.dll",s

dieser eintrag ist nicht mehr da!!!

hier der combofix logfile



ComboFix 08-08-30.01 - Sylvia 2008-08-30 23:02:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1598 [GMT 2:00]
ausgeführt von:: D:\DOWNLOADS\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Sylvia\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\ctevdunq.ini

.
((((((((((((((((((((((( Dateien erstellt von 2008-07-28 bis 2008-08-30 ))))))))))))))))))))))))))))))
.

2008-08-30 22:51 . 2008-08-30 22:51 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-08-30 22:51 . 2008-08-30 22:51 <DIR> d-------- C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Malwarebytes
2008-08-30 22:51 . 2008-08-30 22:51 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-08-30 22:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 22:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 22:48 . 2008-08-30 22:48 <DIR> d-------- C:\Programme\CCleaner
2008-08-30 22:15 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-30 22:14 . 2008-08-30 22:14 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-08-28 17:49 . 2008-08-28 17:49 <DIR> d-------- C:\WINDOWS\PC Check-up
2008-08-28 17:49 . 2008-08-28 18:30 <DIR> d-------- C:\Programme\PC Check-up
2008-08-27 21:08 . 2008-05-02 22:58 <DIR> d--h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8.000\Vorlagen
2008-08-27 21:08 . 2008-05-02 19:50 <DIR> dr------- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8.000\Startmenü
2008-08-27 21:08 . 2008-05-02 19:50 <DIR> d--h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8.000\Netzwerkumgebung
2008-08-27 21:08 . 2008-08-30 23:05 <DIR> d--h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8.000\Lokale Einstellungen
2008-08-27 21:08 . 2008-05-02 19:50 <DIR> d-------- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8.000\Favoriten
2008-08-27 21:08 . 2008-05-02 19:50 <DIR> d--h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8.000\Druckumgebung
2008-08-27 21:08 . 2008-05-02 19:50 <DIR> dr-h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8.000\Anwendungsdaten
2008-08-27 21:08 . 2008-08-27 21:56 <DIR> d-------- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8.000
2008-08-27 21:07 . 2008-08-30 00:40 <DIR> d-------- C:\Programme\LogMeIn
2008-08-27 21:07 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-08-27 21:07 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-08-27 21:07 . 2008-05-28 12:32 23,736 --a------ C:\WINDOWS\system32\LMImirr.dll
2008-08-27 21:07 . 2008-02-28 15:31 10,144 --a------ C:\WINDOWS\system32\drivers\LMImirr.sys
2008-08-27 13:32 . 2008-08-27 13:32 <DIR> d-------- C:\Programme\iTunes
2008-08-27 13:32 . 2008-08-27 13:32 <DIR> d-------- C:\Programme\iPod
2008-08-27 13:32 . 2008-08-27 13:32 <DIR> d-------- C:\Programme\Bonjour
2008-08-27 13:32 . 2008-08-27 13:32 <DIR> d-------- C:\Programme\Apple Software Update
2008-08-27 13:31 . 2008-08-27 13:31 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple
2008-08-27 13:28 . 2008-08-27 13:28 <DIR> d-------- C:\Programme\Safari
2008-08-20 22:31 . 2008-05-02 22:58 <DIR> d--h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8\Vorlagen
2008-08-20 22:31 . 2008-05-02 19:50 <DIR> dr------- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8\Startmenü
2008-08-20 22:31 . 2008-05-02 19:50 <DIR> d--h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8\Netzwerkumgebung
2008-08-20 22:31 . 2008-08-30 23:05 <DIR> d--h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8\Lokale Einstellungen
2008-08-20 22:31 . 2008-05-02 19:50 <DIR> d-------- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8\Favoriten
2008-08-20 22:31 . 2008-05-02 19:50 <DIR> d--h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8\Druckumgebung
2008-08-20 22:31 . 2008-05-02 19:50 <DIR> dr-h----- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8\Anwendungsdaten
2008-08-20 22:31 . 2008-08-20 22:32 <DIR> d-------- C:\Dokumente und Einstellungen\LogMeInRemoteUser.SYLVIA-0D26E6A8
2008-08-20 22:30 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll.000.bak
2008-08-17 14:31 . 2008-08-17 14:31 <DIR> d-------- C:\Programme\Lavalys
2008-08-10 22:11 . 2001-08-18 04:22 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-10 22:11 . 2001-08-18 04:22 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-10 22:08 . 2004-08-04 00:57 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-10 22:08 . 2004-08-04 00:57 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-10 22:08 . 2004-08-04 00:46 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-10 22:08 . 2004-08-04 00:46 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-10 22:07 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-10 22:07 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-05 19:47 . 2008-08-30 14:22 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-08-05 19:44 . 2008-08-05 19:44 <DIR> d-------- C:\Programme\PowerISO
2008-07-27 14:02 . 2008-07-27 19:34 <DIR> d-------- C:\Programme\EA GAMES
2008-07-27 14:02 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-07-27 01:07 . 2008-07-27 10:57 <DIR> d-------- C:\Programme\Spyware Doctor
2008-07-27 01:07 . 2008-07-27 01:07 <DIR> d-------- C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\PC Tools
2008-07-27 01:07 . 2008-08-23 21:43 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-07-27 01:07 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-27 01:07 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-27 01:07 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-27 01:07 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-21 17:44 . 2008-07-21 17:48 <DIR> d-------- C:\Programme\Camgoo
2008-07-21 13:12 . 2008-07-21 13:13 <DIR> d-------- C:\Programme\Smileys Demo
2008-07-21 13:03 . 2008-07-21 13:11 <DIR> d-------- C:\Programme\Camgoo Demo
2008-07-21 12:58 . 2008-07-21 13:00 <DIR> d-------- C:\Programme\Bubble Frenzy Remix
2008-07-21 12:50 . 2008-07-26 13:13 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-21 12:15 . 2008-07-21 12:15 230,432 --a------ C:\PA7302.DAT
2008-07-21 11:00 . 2008-08-30 19:30 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-21 10:57 . 2008-07-21 10:57 <DIR> d-------- C:\Programme\Video Power
2008-07-21 10:57 . 2008-07-21 10:57 <DIR> d-------- C:\Programme\Game-Cam
2008-07-21 10:57 . 2007-11-08 10:29 458,752 --a------ C:\WINDOWS\system32\drivers\PAC7302.SYS
2008-07-21 10:57 . 2007-11-02 11:07 6,656 --a------ C:\WINDOWS\system32\CoInst_071029.dll
2008-07-16 20:05 . 2008-07-16 20:05 <DIR> d-------- C:\Programme\SEC
2008-07-16 20:05 . 2003-02-24 16:20 827,392 -ra------ C:\WINDOWS\system32\Flash.ocx
2008-07-16 20:05 . 2005-10-21 07:25 13,396 --a------ C:\WINDOWS\system32\drivers\MTictwl.sys
2008-07-15 18:16 . 2008-07-15 18:16 <DIR> d-------- C:\Programme\MiniLyrics
2008-07-15 18:16 . 2008-07-15 18:16 <DIR> d-------- C:\Programme\HyperIM
2008-07-15 18:12 . 2008-07-15 18:12 <DIR> d-------- C:\Programme\YM Status Mixer
2008-07-14 18:27 . 2008-07-14 18:27 <DIR> d-------- C:\Programme\Sun
2008-07-12 15:30 . 2008-07-12 15:32 5,372 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-07-12 15:27 . 2008-07-12 15:27 <DIR> d-------- C:\Programme\Thoosje Sidebar V2.3
2008-07-12 15:14 . 2008-07-12 15:20 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.SYLVIA-0D26E6A8\Vorlagen
2008-07-12 15:14 . 2008-07-12 15:20 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.SYLVIA-0D26E6A8\Lokale Einstellungen
2008-07-12 15:14 . 2008-07-12 15:20 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.SYLVIA-0D26E6A8\Anwendungsdaten
2008-07-12 15:14 . 2008-07-12 15:20 <DIR> d---s---- C:\Dokumente und Einstellungen\Administrator.SYLVIA-0D26E6A8
2008-07-12 14:50 . 2008-07-12 15:20 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-07-12 14:50 . 2008-07-12 15:20 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-07-12 14:50 . 2008-07-12 15:20 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-07-12 14:50 . 2008-07-12 15:20 <DIR> d---s---- C:\Dokumente und Einstellungen\Administrator
2008-07-12 14:37 . 2008-07-12 15:20 <DIR> d-------- C:\Programme\LClock
2008-07-12 14:35 . 2008-07-12 15:23 <DIR> d-------- C:\VTPFiles
2008-07-12 14:33 . 2006-11-10 18:11 198 --a------ C:\WINDOWS\system32\paypal.url
2008-07-12 14:33 . 2006-05-26 22:54 83 --a------ C:\WINDOWS\system32\winx.url
2008-07-12 14:15 . 2008-07-12 14:21 1,440,054 --a------ C:\WINDOWS\TopThemes Wallpaper.bmp
2008-07-10 19:45 . 2008-07-10 19:45 <DIR> d-------- C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Ahead
2008-07-10 19:43 . 2008-07-10 19:43 <DIR> d-------- C:\Programme\Nero
2008-07-10 19:43 . 2008-07-10 19:43 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2008-07-09 17:57 . 2008-07-09 17:57 <DIR> d-------- C:\WINDOWS\system32\ffdshow
2008-07-09 17:57 . 2008-07-09 17:57 <DIR> d-------- C:\Programme\SourceTec
2008-07-09 17:57 . 2006-03-11 04:56 438,272 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax
2008-07-09 17:57 . 2006-03-11 04:48 434,176 --a------ C:\WINDOWS\system32\MatroskaSplitter.ax
2008-07-09 17:57 . 2007-03-28 11:27 364,544 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-07-09 17:57 . 2005-07-10 02:12 241,664 --a------ C:\WINDOWS\system32\CoreVorbis.ax
2008-07-09 17:57 . 2004-08-18 00:04 217,088 --a------ C:\WINDOWS\system32\CoreFLACDecoder.ax
2008-07-09 17:57 . 2007-03-28 16:08 122,880 --a------ C:\WINDOWS\system32\stQTSource.ax
2008-07-09 17:42 . 2008-07-09 17:42 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-07-09 17:42 . 2008-07-09 17:42 <DIR> d-------- C:\Program Files
2008-07-07 23:27 . 2008-07-07 23:27 162,304 --a------ C:\Dokumente und Einstellungen\Sylvia\lame_enc.dll
2008-07-07 23:27 . 2008-07-07 23:27 57,344 --a------ C:\Dokumente und Einstellungen\Sylvia\lametritonus.dll
2008-07-07 22:05 . 2008-07-07 22:05 162,304 --a------ C:\Dokumente und Einstellungen\Sylvia\lame_enc_en.dll
2008-07-07 22:05 . 2008-07-07 22:05 53,248 --a------ C:\Dokumente und Einstellungen\Sylvia\lametritonus_en.dll
2008-07-06 19:18 . 2008-07-06 19:19 32,544 --a------ C:\WINDOWS\king-uninstall.exe
2008-07-05 23:37 . 2008-07-05 23:37 0 --a------ C:\config.ini
2008-07-01 06:32 . 2008-07-01 06:32 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 20:16 --------- d-----w C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\DNA
2008-08-30 20:16 --------- d-----w C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\BitTorrent
2008-08-30 20:15 --------- d-----w C:\Programme\Java
2008-08-30 19:42 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-08-30 08:04 --------- d-----w C:\Programme\DNA
2008-08-28 13:26 --------- d-----w C:\Programme\Winamp
2008-08-27 11:32 --------- d-----w C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Apple Computer
2008-08-27 11:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-08-26 04:29 --------- d-----w C:\Programme\Winamp Remote
2008-08-24 18:06 --------- d-----w C:\Programme\Premiere TV Guide 1.0
2008-08-14 05:11 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-08-13 16:26 --------- d-----w C:\Programme\PokerStars.NET
2008-08-12 17:44 --------- d-----w C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\LimeWire
2008-08-10 20:51 --------- d-----w C:\Programme\TuneUp Utilities 2007
2008-08-05 17:48 --------- d-----w C:\Programme\Google
2008-07-22 04:25 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 13:32 71,602 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-07-12 13:26 --------- d-----w C:\Programme\UberIcon
2008-07-12 12:35 219,648 ----a-w C:\WINDOWS\system32\uxtheme.tmp
2008-07-09 15:42 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-09 15:42 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 22:53 --------- d-----w C:\Programme\Buddy Spy
2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 665,088 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 09:03 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-15 21:33 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-28 10:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-28 04:22 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-28 04:22 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-28 04:21 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-28 04:21 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-22 06:12 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-22 06:12 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-22 06:12 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-07 05:14 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 19:45 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-28 12:30 8,784 ----a-w C:\Programme\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 12:33 245,408 ----a-w C:\Programme\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

2007-06-13 15:21 978944 01a48faef0ffc2e6a0763de98f5ba4a6 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 01:57 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:21 978944 01a48faef0ffc2e6a0763de98f5ba4a6 C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:57 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"HyperIM"="C:\Programme\HyperIM\HyperIM.exe" [2007-11-18 20:23 220672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-17 21:28 266497]
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HDAudDeck"="C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 11:51 811008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"HideOutlook"="C:\Programme\r2 Studios\HideOutlook\HideOutlook.exe" [2002-06-09 10:43 69632]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-07-09 17:42 185896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AppleSyncNotifier"="C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"LogMeIn GUI"="C:\Programme\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:57 15360]

C:\Dokumente und Einstellungen\Sylvia\Startmen�\Programme\Autostart\
Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

C:\Dokumente und Einstellungen\All Users\Startmen�\Programme\Autostart\
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [2008-05-18 11:26:46 598016]
NCProTray.lnk - C:\Programme\SEC\Natural Color Pro\NCProTray.exe [2008-07-16 20:05:06 49220]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\DNA\\btdna.exe"=
"C:\\Programme\\BitTorrent\\bittorrent.exe"=
"C:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Programme\\Custom Content Manager\\CCM.exe"=
"C:\\Programme\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"C:\\Programme\\Gemeinsame Dateien\\AOL\\Loader\\aolload.exe"=
"C:\\Programme\\AIM6\\aim6.exe"=
"C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Spadester\\spades.exe"=
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\NetMeeting\\conf.exe"=
"D:\\Torrent Download\\Incoming\\Half.Life.2.PC..WwW.DivX-Es.CoM\\hl2.exe"=
"D:\\Torrent Download\\Incoming\\Half.Life.2.PC..WwW.DivX-Es.CoM\\srcds.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 09:26]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 05:36]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 09:26]
R2 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 10:19]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-17 21:28]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Programme\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-07-17 21:28]
R2 AVEService;Avira AntiVir Premium MailGuard Hilfsdienst;C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-07-17 21:28]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programme\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:58]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Programme\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 05:58]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners

2008-08-29 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 05:08]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-LMIinit - LMIinit.dll
Notify-opnkhEvW - opnkhEvW.dll


.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Mozilla\Firefox\Profiles\y3apahkn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - C:\Programme\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programme\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npmidas.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npRACtrl.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Programme\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 23:05:46
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-08-30 23:08:12
ComboFix-quarantined-files.txt 2008-08-30 21:08:04

Pre-Run: 9 Verzeichnis(se), 169,974,329,344 Bytes frei
Post-Run: 12 Verzeichnis(se), 170,067,427,328 Bytes frei

332 --- E O F --- 2008-08-14 05:11:12

#4 HBG

>>
ComboFix entfernen
Start - Ausführen - Kopiere rein: Combofix /U - klicke "OK"
(oder, wenn es nicht funktioniert: C:\QooBox löschen)

>>
Poste das Log von Malwarebytes.

>>
Wende sdfix im abgesicherten Modus an und poste das Log:
http://virus-protect.org/artikel/tools/sdfix.html

>>
Poste ein neues HiJACKTHIS Log, lade Dir jedoch vorerst die aktuelle Version.
http://virus-protect.org/hijackthis.html

Deine Version ist:
HijackThis v1.99.1

>>
Sagt Dir folgendes Programm etwas:
C:\Programme\PC Check-up


Gruss Swiss

#5 ich habe sdfix im abgesicherten modus laufen lasse... also der installiert und dann passiert nichts... habe auch keinen log bekommen.

pc checkup ist ein cleaner/scanner...


maleware log

Malwarebytes' Anti-Malware 1.25
Datenbank Version: 1099
Windows 5.1.2600 Service Pack 2

22:54:25 30.08.2008
mbam-log-08-30-2008 (22-54-25).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 53167
Laufzeit: 1 minute(s), 56 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\ddcDtrqP.dll (Trojan.Vundo.H) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d11dc545-66da-4048-a9cc-7a057cd02c24} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d11dc545-66da-4048-a9cc-7a057cd02c24} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{81ea3f36-357a-435a-8741-52c27ccc9f21} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1748272b (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcdtrqp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcdtrqp -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\ddcDtrqP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PqrtDcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PqrtDcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcYRijK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkKbXqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNfFxX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1748272b.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1748272b.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

#6 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:31, on 30.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\r2 Studios\HideOutlook\HideOutlook.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Programme\HyperIM\HyperIM.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\SEC\Natural Color Pro\NCProTray.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\LogMeIn\x86\RaMaint.exe
C:\Programme\LogMeIn\x86\LogMeIn.exe
C:\Programme\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programme\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HideOutlook] "C:\Programme\r2 Studios\HideOutlook\HideOutlook.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [HyperIM] C:\Programme\HyperIM\HyperIM.exe -min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = C:\Programme\SEC\Natural Color Pro\NCProTray.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {64D01C7F-810D-446E-A07E-456746835644} (AtlBoxWordCtlAttrib Class) - http://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--691a149e-d11f-4445-ba8e-f0a9759a048a/online/abc_island/en/abcisland.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira AntiVir Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programme\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programme\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 11044 bytes

#7 HBG

Hast dies genau so gemacht?

Solltest eine Datei namens:
RunThis.bat
auf dem Desktop haben, da musst du doppelt klicken

schreibe: Y

folge allen Anweisungen, während gescannt wird - dann wird der Rechner neustarten
kopiere mit der rechten Maustaste den Text ab, der erscheint - und in den Beitrag hier.

Gruss Swiss[/b]

#8 ja ich habe es jetzt gemacht... habe es vorher nicht gelesen dachte der macht das automatisch... sorry

hier der log




SDFix: Version 1.220
Run by Administrator on 30.08.2008 at 23:54

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 23:58:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:aba9b18b
"s2"=dword:b4d0d3da
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:74,fb,e3,c1,af,b1,7d,16,0a,fd,11,39,c7,c1,e0,d7,10,04,6f,cb,b7,..
"p0"="C:\Programme\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e3,3f,72,fa,e9,19,76,02,57,ed,9b,52,15,93,5e,8a,45,..
"khjeh"=hex:de,73,26,f4,69,9b,c8,70,67,cb,a5,cb,18,3e,81,96,27,90,93,f1,5a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2b,e0,99,d8,81,51,13,76,78,d8,9d,95,6e,56,f1,b8,f9,5c,b6,c3,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:74,fb,e3,c1,af,b1,7d,16,0a,fd,11,39,c7,c1,e0,d7,10,04,6f,cb,b7,..
"p0"="C:\Programme\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e3,3f,72,fa,e9,19,76,02,57,ed,9b,52,15,93,5e,8a,45,..
"khjeh"=hex:de,73,26,f4,69,9b,c8,70,67,cb,a5,cb,18,3e,81,96,27,90,93,f1,5a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2b,e0,99,d8,81,51,13,76,78,d8,9d,95,6e,56,f1,b8,f9,5c,b6,c3,84,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000073
"TracesSuccessful"=dword:0000000b

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\DNA\\btdna.exe"="C:\\Programme\\DNA\\btdna.exe:*:EnabledNA"
"C:\\Programme\\BitTorrent\\bittorrent.exe"="C:\\Programme\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Programme\\TVUPlayer\\TVUPlayer.exe"="C:\\Programme\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Programme\\Custom Content Manager\\CCM.exe"="C:\\Programme\\Custom Content Manager\\CCM.exe:*:Enabled:CCM"
"C:\\Programme\\SecondLifeReleaseCandidate\\SLVoice.exe"="C:\\Programme\\SecondLifeReleaseCandidate\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\Loader\\aolload.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Programme\\AIM6\\aim6.exe"="C:\\Programme\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Spadester\\spades.exe"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Spadester\\spades.exe:*:Enabled:spades"
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"="C:\\Programme\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Programme\\Mozilla Firefox\\firefox.exe"="C:\\Programme\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Programme\\NetMeeting\\conf.exe"="C:\\Programme\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"D:\\Torrent Download\\Incoming\\Half.Life.2.PC..WwW.DivX-Es.CoM\\hl2.exe"="D:\\Torrent Download\\Incoming\\Half.Life.2.PC..WwW.DivX-Es.CoM\\hl2.exe:*:Enabled:hl2"
"D:\\Torrent Download\\Incoming\\Half.Life.2.PC..WwW.DivX-Es.CoM\\srcds.exe"="D:\\Torrent Download\\Incoming\\Half.Life.2.PC..WwW.DivX-Es.CoM\\srcds.exe:*:Enabled:srcds"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Fri 9 May 2008 4,348 ..SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"

Finished!

#9 Ich merke dass AntiVir keine Trojaner Meldung mehr anzeigt

#10 Über Viewpoint http://www.bleepingcomputer.com/forums/topic120989.html
__________
MfG Argus