TR/Dropper.SPI.77 old problem

#0
22.11.2008, 02:29
...new here

Posts: 3
#1 But what you wrote didn't work for me.
Malware doesn't show me anything anymore, only AntiVir does, but should I delete the file or block it, or what should I do with them?

ComboScan showed me this:

ComboScan v20070226.18 run by Gero on 2008-11-22 at 02:18:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis Clone -------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2008-11-22 02:19:00
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Softex\OmniPass\OmniServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Common Files\X10\Common\X10nets.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Fingerprint Sensor\ATSwpNav.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\WButton.exe
C:\Programme\Softex\OmniPass\scureapp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Microsoft ActiveSync\rapimgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Gero\Desktop\comboscan\comboscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: # 60 more entries remain in hosts file.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATSwpNav] "C:\Programme\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126091180221
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: OPXPGina - C:\Programme\Softex\OmniPass\OPXPGina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe"
O23 - Service: Warndienst (Alerter) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Gatewaydienst auf Anwendungsebene (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"
O23 - Service: Anwendungsverwaltung (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Ati HotKey Poller - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Computerbrowser (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Bluetooth Service (btwdins) - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Indexdienst (cisvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
O23 - Service: Ablagemappe (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
O23 - Service: COM+-Systemanwendung (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Kryptografiedienste (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: CyberLink Media Library Service - "C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
O23 - Service: DCOM-Server-Prozessstart (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: DHCP-Client (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Verwaltung logischer Datenträger (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: DNS-Client (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Automatische Konfiguration (verkabelt) (Dot3svc) - C:\WINDOWS\System32\svchost.exe -k dot3svc
O23 - Service: Extensible Authentication-Protokolldienst (EapHost) - C:\WINDOWS\System32\svchost.exe -k eapsvcs
O23 - Service: Fehlerberichterstattungsdienst (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Ereignisprotokoll (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: COM+-Ereignissystem (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Kompatibilität für schnelle Benutzerumschaltung (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Fax - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Hilfe und Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Eingabegerätezugang (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Integritätsschlüssel- und Zertifikatverwaltungsdienst (hkmsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP-SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: InstallDriver Table Manager (IDriverT) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
O23 - Service: IMAPI-CD-Brenn-COM-Dienste (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: Infrarotüberwachung (Irmon) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Server (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Arbeitsstationsdienst (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: TCP/IP-NetBIOS-Hilfsprogramm (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Nachrichtendienst (Messenger) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NetMeeting-Remotedesktop-Freigabe (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: NAP-Agent (Network Access Protection) (napagent) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Netzwerk-DDE-Dienst (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Netzwerk-DDE-Serverdienst (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Anmeldedienst (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Netzwerkverbindungen (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: NLA (Network Location Awareness) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NT-LM-Sicherheitsdienst (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Wechselmedien (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Softex OmniPass Service (omniserv) - C:\Programme\Softex\OmniPass\OmniServ.exe
O23 - Service: Plug & Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC-Dienste (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Geschützter Speicher (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Verwaltung für automatische RAS-Verbindung (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: RAS-Verbindungsverwaltung (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Sitzungs-Manager für Remotedesktophilfe (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing und RAS (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - "C:\Programme\CyberLink\Shared Files\RichVideo.exe"
O23 - Service: RPC-Locator (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Remoteprozeduraufruf (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS-RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Sicherheitskontenverwaltung (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smartcard (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Taskplaner (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Sekundäre Anmeldung (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Systemereignisbenachrichtigung (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ServiceLayer - "C:\Programme\PC Connectivity Solution\ServiceLayer.exe"
O23 - Service: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Shellhardwareerkennung (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Sygate Personal Firewall (SmcService) - C:\Programme\Sygate\SPF\Smc.exe
O23 - Service: Druckwarteschlange (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Systemwiederherstellungsdienst (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: SSDP-Suchdienst (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Windows-Bilderfassung (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{6316663A-46CC-4ACB-B8C3-FE126445EB87}
O23 - Service: Leistungsdatenprotokolle und Warnungen (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonie (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Terminaldienste (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Designs (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Überwachung verteilter Verknüpfungen (Client) (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - C:\WINDOWS\system32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - "C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe"
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Universeller Plug & Play-Gerätehost (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Unterbrechungsfreie Stromversorgung (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Messenger USN Journal Reader-Service für freigegebene Ordner (usnjsvc) - "C:\Programme\MSN Messenger\usnsvc.exe"
O23 - Service: TuneUp Designerweiterung (UxTuneUp) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Volumeschattenkopie (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Windows-Zeitgeber (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Windows-Verwaltungsinstrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WMI-Leistungsadapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Sicherheitscenter (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Automatische Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
O23 - Service: Konfigurationsfreie drahtlose Verbindung (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: X10 Device Network Service (x10nets) - C:\Programme\Common Files\X10\Common\X10nets.exe
O23 - Service: Netzwerkversorgungsdienst (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3S 3xHybrid (3xHybrid service) - C:\WINDOWS\system32\drivers\3xHybrid.sys
0R a347bus - C:\WINDOWS\system32\drivers\a347bus.sys
0R a347scsi - C:\WINDOWS\system32\drivers\a347scsi.sys
3S actser - C:\WINDOWS\system32\drivers\actser.sys
3R AgereSoftModem (Agere Systems Soft Modem) - C:\WINDOWS\system32\drivers\AGRSM.sys
3R Arp1394 (1394-ARP-Clientprotokoll) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3R ATSWPDRV (AuthenTec TruePrint USB Driver (AES2500)) - C:\WINDOWS\system32\drivers\ATSwpDrv.sys
1R avgio - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
3R avgntflt - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
1R avipbb - C:\WINDOWS\system32\drivers\avipbb.sys
3S AVMUNET (AVM FRITZ!Box) - C:\WINDOWS\system32\drivers\avmunet.sys
3S BrScnUsb (Brother USB Still Image driver) - C:\WINDOWS\system32\drivers\BrScnUsb.sys
3S BrSerIf (Brother MFC Serial Port Interface WDM Driver) - C:\WINDOWS\system32\drivers\BrSerIf.sys
3S BrUsbSer (Brother MFC USB Serial WDM Driver) - C:\WINDOWS\system32\drivers\BrUsbSer.sys
3S BTDriver (Virtueller Bluetooth-Kommunikationstreiber) - C:\WINDOWS\system32\drivers\btport.sys
3R BTKRNL (Bluetooth-Bus-Enumerator) - C:\WINDOWS\system32\drivers\btkrnl.sys
2R BTSERIAL (Bluetooth Serial Driver) - C:\WINDOWS\system32\drivers\btserial.sys
2R BTSLBCSP (Bluetooth Port Client Driver) - C:\WINDOWS\system32\drivers\btslbcsp.sys
3S btwmodem (Bluetooth-Modem) - C:\WINDOWS\system32\drivers\btwmodem.sys
3S BTWUSB (WIDCOMM USB Bluetooth Driver) - C:\WINDOWS\system32\drivers\btwusb.sys
3S CCDECODE (Untertiteldecoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
0R d347bus - C:\WINDOWS\system32\drivers\d347bus.sys
0R d347prt - C:\WINDOWS\system32\drivers\d347prt.sys
3S dot4 (MS IEEE-1284.4-Treiber) - C:\WINDOWS\system32\drivers\dot4.sys
3S Dot4Print (Druckerklassentreiber für IEEE-1284.4) - C:\WINDOWS\system32\drivers\Dot4Prt.sys
3S dot4usb (MS Dot4USB Filter Dot4USB Filter) - C:\WINDOWS\system32\drivers\Dot4usb.sys
3S flash - C:\WINDOWS\system32\drivers\flash.sys
3S HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\Hdaudio.sys
3R HDAudBus (Microsoft UAA-Bustreiber für High Definition Audio) - C:\WINDOWS\system32\drivers\hdaudbus.sys
3R HidUsb (Microsoft HID Class-Treiber) - C:\WINDOWS\system32\drivers\hidusb.sys
1R Hotkey - C:\WINDOWS\system32\drivers\HOTKEY.sys
0S INO_FLPY - C:\WINDOWS\system32\Drivers\ino_flpy.sys (not found)
2S INO_FLTR - C:\WINDOWS\system32\Drivers\ino_fltr.sys (not found)
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
1R intelppm (Intel-Prozessortreiber) - C:\WINDOWS\system32\drivers\intelppm.sys
2R irda (IrDA-Protokoll) - C:\WINDOWS\system32\drivers\irda.sys
3R mouhid (Maus-HID-Treiber) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MPE (BDA MPE-Filter) - C:\WINDOWS\system32\drivers\mpe.sys
3S MSIRCOMM (Microsoft IR Communications Driver) - C:\WINDOWS\system32\drivers\msircomm.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - C:\WINDOWS\system32\drivers\mstee.sys
3S NABTSFEC (NABTS/FEC VBI-Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV-/Videoverbindung) - C:\WINDOWS\system32\drivers\ndisip.sys
3S NETFWDSL (AVM FRITZ!web DSL PPP) - C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS (not found)
3R NIC1394 (1394-Netzwerktreiber) - C:\WINDOWS\system32\drivers\nic1394.sys
3R NSCIRDA (NSC-Infrarotgerätetreiber) - C:\WINDOWS\system32\drivers\nscirda.sys
0R ohci1394 (Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3R Rasirda (WAN-Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3S ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
3R RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
0R sbp2port (Bustreiber für SBP2-Transport/Protokoll) - C:\WINDOWS\system32\drivers\sbp2port.sys
3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
3S sffdisk (SFF-Speicherklassentreiber) - C:\WINDOWS\system32\drivers\sffdisk.sys
3S sffp_sd (SFF-Speicherprotokolltreiber für SDBus) - C:\WINDOWS\system32\drivers\sffp_sd.sys
3S siusbmod - C:\WINDOWS\system32\drivers\siusbmod.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
0R snapman380 (Acronis Snapshots Manager (Build 380)) - C:\WINDOWS\system32\drivers\snman380.sys
1R ssmdrv - C:\WINDOWS\system32\drivers\ssmdrv.sys
3S streamip (BDA-IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
0R tdrpman147 (Acronis Try&Decide and Restore Points filter (build 147)) - C:\WINDOWS\system32\drivers\tdrpm147.sys
0R Teefer (Teefer for NT) - C:\WINDOWS\system32\drivers\Teefer.sys
3R tifm21 - C:\WINDOWS\system32\drivers\tifm21.sys
2R tifsfilter (Acronis True Image FS Filter) - C:\WINDOWS\system32\drivers\tifsfilt.sys
0R timounter (Acronis True Image Backup Archive Explorer) - C:\WINDOWS\system32\drivers\timntr.sys
3S usbccgp (Microsoft Standard-USB-Haupttreiber) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB-Druckerklasse) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\usbstor.sys
3R vsbus (Virtual Serial Bus Enumerator) - C:\WINDOWS\system32\drivers\vsb.sys
3S vserial (ELTIMA Virtual Serial Ports Driver) - C:\WINDOWS\system32\drivers\vserial.sys
3R w29n51 (Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP) - C:\WINDOWS\system32\drivers\w29n51.sys
3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys (not found)
1S Wbutton - C:\WINDOWS\system32\drivers\Wbutton.sys (not found)
2R wg3n (SyGate for NT, wg3n) - C:\WINDOWS\system32\drivers\wg3n.sys
1R wpsdrvnt - C:\WINDOWS\system32\drivers\wpsdrvnt.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext-Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R XUIF (X10 USB Wireless Transceiver) - C:\WINDOWS\system32\drivers\x10ufx2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R AcrSch2Svc (Acronis Scheduler2 Service) - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe"
2R AntiVirScheduler (Avira AntiVir Personal - Free Antivirus Planer) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"
2R AntiVirService (Avira AntiVir Personal - Free Antivirus Guard) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2R btwdins (Bluetooth Service) - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2R CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R CLSched (CyberLink Task Scheduler (CTS)) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
2R CyberLink Media Library Service - "C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
3S de_serv (AVM FRITZ!web Routing Service) - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
3S Dot3svc (Automatische Konfiguration (verkabelt)) - C:\WINDOWS\System32\svchost.exe -k dot3svc
3S EapHost (Extensible Authentication-Protokolldienst) - C:\WINDOWS\System32\svchost.exe -k eapsvcs
2S Fax - C:\WINDOWS\system32\fxssvc.exe
3S hkmsvc (Integritätsschlüssel- und Zertifikatverwaltungsdienst) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
2R Irmon (Infrarotüberwachung) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S napagent (NAP-Agent (Network Access Protection)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R omniserv (Softex OmniPass Service) - C:\Programme\Softex\OmniPass\Omniserv.exe
2R PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Programme\CyberLink\Shared Files\RichVideo.exe"
3S ServiceLayer - "C:\Programme\PC Connectivity Solution\ServiceLayer.exe"
2R SmcService (Sygate Personal Firewall) - C:\Programme\Sygate\SPF\smc.exe
3S TuneUp.Defrag (TuneUp Drive Defrag-Dienst) - C:\WINDOWS\System32\TuneUpDefragService.exe
2S TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3R usnjsvc (Messenger USN Journal Reader-Service für freigegebene Ordner) - "C:\Programme\MSN Messenger\usnsvc.exe"
2R UxTuneUp (TuneUp Designerweiterung) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


-- Files created between 2008-10-22 and 2008-11-22 ------------------------------

2008-11-22 01:48:53 0 d-------- C:\WINDOWS\Prefetch
2008-11-22 01:47:07 0 d-------- C:\Programme\MSXML 4.0<MSXML4~1.0>
2008-11-22 00:50:31 15504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-11-22 00:50:29 38496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys<MBAMSW~1.SYS>
2008-11-22 00:50:27 0 d-------- C:\Programme\Malwarebytes' Anti-Malware<MALWAR~1>
2008-11-22 00:07:53 0 d-------- C:\Programme\Trend Micro<TRENDM~1>
2008-11-21 23:29:54 21248 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2008-11-21 23:29:54 22336 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2008-11-21 23:29:54 45376 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2008-11-21 23:29:51 75072 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2008-11-21 23:29:48 0 d-------- C:\Programme\Avira
2008-11-21 23:17:09 0 d-------- C:\Programme\Autorun Eater<AUTORU~1>
2008-11-21 23:12:13 0 d-------- C:\WINDOWS\pss
2008-10-29 14:16:45 971232 --a------ C:\WINDOWS\system32\drivers\tdrpm147.sys
2008-10-29 14:16:05 134272 --a------ C:\WINDOWS\system32\drivers\snman380.sys
2008-10-22 06:10:07 185344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2008-10-22 06:10:03 10752 --a------ C:\WINDOWS\system32\c_iscii.dll
2008-10-22 06:10:00 5632 --a------ C:\WINDOWS\system32\kbdusa.dll
2008-10-22 06:09:51 6144 --a------ C:\WINDOWS\system32\ftlx041e.dll


-- Find3M Report ----------------------------------------------------------------

2008-11-22 01:55:20 47862 --a------ C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\wklnhst.dat
2008-11-22 01:55:03 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2008-11-22 00:50:33 0 d-------- C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\Malwarebytes<MALWAR~1>
2008-11-21 23:42:24 111928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-11-21 23:14:44 0 d-------- C:\Programme\Home Cinema<HOMECI~1>
2008-11-21 23:14:43 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2008-11-21 23:11:29 0 d-------- C:\Programme\s25atonce<S25ATO~1>
2008-11-21 23:10:18 0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2008-11-21 22:56:08 424324 --a------ C:\WINDOWS\system32\perfh007.dat
2008-11-21 22:56:07 78794 --a------ C:\WINDOWS\system32\perfc007.dat
2008-10-29 17:21:59 0 d-------- C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\Acronis
2008-10-29 14:18:39 0 d-------- C:\Programme\Gemeinsame Dateien\Acronis
2008-10-27 21:55:30 0 d-------- C:\Programme\Paint Shop Pro 6<PAINTS~1>
2008-10-12 20:31:51 0 d-------- C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\Skype
2008-10-12 15:21:40 0 d-------- C:\Programme\MSN Messenger<MSNMES~1>
2008-10-12 15:09:18 0 d-------- C:\Programme\Messenger<MESSEN~1>
2008-10-12 15:02:43 0 d-------- C:\Programme\Movie Maker<MOVIEM~1>
2008-10-12 14:57:53 0 d-------- C:\Programme\Windows NT<WINDOW~1>
2008-10-12 14:57:45 0 d-------- C:\Programme\Gemeinsame Dateien\System
2008-10-12 10:46:34 0 d-------- C:\Programme\DivX
2008-10-03 17:58:14 6066176 --a------ C:\WINDOWS\system32\ieframe.dll
2008-09-30 17:26:50 0 d-------- C:\Programme\Wolfenstein - Enemy Territory<WOLFEN~1>
2008-09-30 17:18:30 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-30 16:43:34 1286152 --a------ C:\WINDOWS\system32\msxml4.dll
2008-09-28 22:04:50 0 d-------- C:\Programme\ICQ6
2008-09-16 21:12:58 222488 --a------ C:\WINDOWS\system32\snapapi.dll
2008-09-16 01:12:54 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-09-16 01:12:54 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-09-15 16:24:02 1846528 --a------ C:\WINDOWS\system32\win32k.sys
2008-09-10 02:13:38 1307648 -----n--- C:\WINDOWS\system32\msxml6.dll
2008-09-04 18:15:03 1106944 --a------ C:\WINDOWS\system32\msxml3.dll
2008-09-04 11:16:15 65328 --a------ C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2008-08-26 08:57:22 233472 --a------ C:\WINDOWS\system32\webcheck.dll
2008-08-26 08:57:21 105984 --a------ C:\WINDOWS\system32\url.dll
2008-08-26 08:57:21 102912 --a------ C:\WINDOWS\system32\occache.dll
2008-08-26 08:57:19 52224 --a------ C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2008-08-26 08:57:19 459264 --a------ C:\WINDOWS\system32\msfeeds.dll
2008-08-26 08:57:18 267776 --a------ C:\WINDOWS\system32\iertutil.dll
2008-08-26 08:57:18 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2008-08-26 08:57:15 384512 --a------ C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 08:57:15 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 08:57:15 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2008-08-26 08:57:15 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2008-08-26 08:57:15 63488 --a------ C:\WINDOWS\system32\icardie.dll
2008-08-26 08:57:14 124928 --a------ C:\WINDOWS\system32\advpack.dll
2008-08-25 09:38:00 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2008-08-25 09:37:31 70656 --a------ C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 06:54:51 161792 --a------ C:\WINDOWS\system32\ieakui.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AzMixerSel"="C:\\Programme\\Realtek\\InstallShield\\AzMixerSel.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATSwpNav"="\"C:\\Programme\\Fingerprint Sensor\\ATSwpNav\" -run"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"LaunchAp"="\"C:\\Programme\\Launch Manager\\LaunchAp.exe\""
"CtrlVol"="\"C:\\Programme\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programme\\Launch Manager\\OSD.exe\""
"Wbutton"="\"C:\\Programme\\Launch Manager\\Wbutton.exe\""
"OmniPass"="C:\\Programme\\Softex\\OmniPass\\scureapp.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
@=""
"SSBkgdUpdate"="\"C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"HotkeyApp"="\"C:\\Programme\\Launch Manager\\HotkeyApp.exe\""
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"RemoteControl"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Alcmtr"="ALCMTR.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"BrMfcWnd"="C:\\Programme\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\\Programme\\Brother\\ControlCenter3\\brctrcen.exe /autorun"
"SmartSync - ScheduleSync"="C:\\PROGRA~1\\MOBILE~1\\SMARTS~1\\SCHEDU~1.EXE"
"TrueImageMonitor.exe"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"IndexSearch"="\"C:\\Programme\\ScanSoft\\PaperPort\\IndexSearch.exe\""
"PaperPort PTD"="\"C:\\Programme\\ScanSoft\\PaperPort\\pptd40nt.exe\""
"Autorun Eater"="C:\\Programme\\Autorun Eater\\oldmcdonald.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TimounterMonitor"
"hkey"="HKLM"
"command"="C:\\Programme\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrueImageMonitor"
"hkey"="HKLM"
"command"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
eapsvcs REG_MULTI_SZ eaphost\0\0
dot3svc REG_MULTI_SZ dot3svc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
napagent
hkmsvc


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06f12370-8469-11da-8d7d-000ae4ae10e3}]
Shell\AutoRun\command I:\preinst.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b94bf5e-ef59-11dc-bc5d-000ae4ae10e3}]
shell\verb1\command desktop.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71ed4c93-1fad-11da-870b-00038a000015}]
Shell\AutoRun\command appsetup.exe


-- End of ComboScan: finished at 2008-11-22 at 02:19:20 -------------------------

What now?
22.11.2008, 08:27
Moderator

Posts: 7805
#2 Where does Antivir find/report this trojan? And please create and post a Combofix report
http://board.protecus.de/t23188.htm
__________
Regards, Ralf
SEO-Spam Hunter
24.11.2008, 00:33
...new here

Thread starter

Posts: 3
#3 Combofix report, how do I make one? I did the creation with Comboscan, and the trojan is actually in some Temp folders and other files! I can't wipe the hard disk and reinstall, because I have too much important data on it; if I back it all up and copy it back over, I think it will be on there again too! What if I remove the trojan with Antivir in MS-DOS mode?
24.11.2008, 08:16
Moderator

Posts: 7805
#4 Look at the link above, it is described there...
__________
Regards, Ralf
SEO-Spam Hunter
24.11.2008, 21:29
...new here

Thread starter

Posts: 3
#5 Ok,
so the trojan is found in this file several times, i.e. with different numbers at the end

'C:\System Volume Information\_restore{53C4C432-4C83-4FAB-ABF0-92303FF6D88A}\RP30\A0006672.com'

C:\WINDOWS\Temp\tmp5.tmp

and for now I have put these into quarantine with Antivir, I hope that is right?

Malwarebytes:

no infection found, see attachment


So Combo shows this

ComboScan v20070226.18 run by Gero on 2008-11-24 at 21:25:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gero.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:25:50, on 24.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Fingerprint Sensor\ATSwpNav.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Softex\OmniPass\scureapp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Gero\Desktop\comboscan\comboscan.exe
C:\PROGRA~1\HIJACK~1\Gero.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATSwpNav] "C:\Programme\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {DAA3903C-AC88-4D16-B050-F21EB1F79BE6} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126091180221
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: OPXPGina - C:\Programme\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Programme\Softex\OmniPass\Omniserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


-- Files created between 2008-10-24 and 2008-11-24 ------------------------------

2008-11-24 21:24:20 0 d-------- C:\Programme\HijackThis<HIJACK~1>
2008-11-24 20:33:03 0 d-------- C:\WINDOWS\LastGood
2008-11-22 01:48:53 0 d-------- C:\WINDOWS\Prefetch
2008-11-22 01:47:07 0 d-------- C:\Programme\MSXML 4.0<MSXML4~1.0>
2008-11-22 00:50:31 15504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-11-22 00:50:29 38496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys<MBAMSW~1.SYS>
2008-11-22 00:50:27 0 d-------- C:\Programme\Malwarebytes' Anti-Malware<MALWAR~1>
2008-11-22 00:07:53 0 d-------- C:\Programme\Trend Micro<TRENDM~1>
2008-11-21 23:29:54 21248 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2008-11-21 23:29:54 22336 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2008-11-21 23:29:54 45376 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2008-11-21 23:29:51 75072 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2008-11-21 23:29:48 0 d-------- C:\Programme\Avira
2008-11-21 23:17:09 0 d-------- C:\Programme\Autorun Eater<AUTORU~1>
2008-11-21 23:12:13 0 d-------- C:\WINDOWS\pss
2008-10-29 14:16:45 971232 --a------ C:\WINDOWS\system32\drivers\tdrpm147.sys
2008-10-29 14:16:05 134272 --a------ C:\WINDOWS\system32\drivers\snman380.sys


-- Find3M Report ----------------------------------------------------------------

2008-11-24 20:43:28 0 d-------- C:\Programme\Gemeinsame Dateien\Acronis
2008-11-24 20:15:06 0 d-------- C:\Programme\Paint Shop Pro 6<PAINTS~1>
2008-11-24 01:59:35 47824 --a------ C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\wklnhst.dat
2008-11-22 01:55:03 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2008-11-22 00:50:33 0 d-------- C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\Malwarebytes<MALWAR~1>
2008-11-21 23:42:24 111928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-11-21 23:14:44 0 d-------- C:\Programme\Home Cinema<HOMECI~1>
2008-11-21 23:14:43 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2008-11-21 23:11:29 0 d-------- C:\Programme\s25atonce<S25ATO~1>
2008-11-21 23:10:18 0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2008-11-21 22:56:08 424324 --a------ C:\WINDOWS\system32\perfh007.dat
2008-11-21 22:56:07 78794 --a------ C:\WINDOWS\system32\perfc007.dat
2008-10-29 17:21:59 0 d-------- C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\Acronis
2008-10-16 14:13:40 202776 --a------ C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 1809944 --a------ C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 323608 --a------ C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 561688 --a------ C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 43544 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 51224 --a------ C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 92696 --a------ C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 34328 --a------ C:\WINDOWS\system32\wups.dll
2008-10-12 20:31:51 0 d-------- C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\Skype
2008-10-12 15:21:40 0 d-------- C:\Programme\MSN Messenger<MSNMES~1>
2008-10-12 15:09:18 0 d-------- C:\Programme\Messenger<MESSEN~1>
2008-10-12 15:02:43 0 d-------- C:\Programme\Movie Maker<MOVIEM~1>
2008-10-12 14:57:53 0 d-------- C:\Programme\Windows NT<WINDOW~1>
2008-10-12 14:57:45 0 d-------- C:\Programme\Gemeinsame Dateien\System
2008-10-12 10:46:34 0 d-------- C:\Programme\DivX
2008-10-03 17:58:14 6066176 --a------ C:\WINDOWS\system32\ieframe.dll
2008-09-30 17:26:50 0 d-------- C:\Programme\Wolfenstein - Enemy Territory<WOLFEN~1>
2008-09-30 17:18:30 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-30 16:43:34 1286152 --a------ C:\WINDOWS\system32\msxml4.dll
2008-09-28 22:04:50 0 d-------- C:\Programme\ICQ6
2008-09-16 01:12:54 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-09-16 01:12:54 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-09-15 16:24:02 1846528 --a------ C:\WINDOWS\system32\win32k.sys
2008-09-10 02:13:38 1307648 -----n--- C:\WINDOWS\system32\msxml6.dll
2008-09-04 18:15:03 1106944 --a------ C:\WINDOWS\system32\msxml3.dll
2008-09-04 11:16:15 65328 --a------ C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2008-08-26 08:57:22 233472 --a------ C:\WINDOWS\system32\webcheck.dll
2008-08-26 08:57:21 105984 --a------ C:\WINDOWS\system32\url.dll
2008-08-26 08:57:21 102912 --a------ C:\WINDOWS\system32\occache.dll
2008-08-26 08:57:19 52224 --a------ C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2008-08-26 08:57:19 459264 --a------ C:\WINDOWS\system32\msfeeds.dll
2008-08-26 08:57:18 267776 --a------ C:\WINDOWS\system32\iertutil.dll
2008-08-26 08:57:18 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2008-08-26 08:57:15 384512 --a------ C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 08:57:15 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 08:57:15 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2008-08-26 08:57:15 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2008-08-26 08:57:15 63488 --a------ C:\WINDOWS\system32\icardie.dll
2008-08-26 08:57:14 124928 --a------ C:\WINDOWS\system32\advpack.dll
2008-08-25 09:38:00 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2008-08-25 09:37:31 70656 --a------ C:\WINDOWS\system32\ie4uinit.exe


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AzMixerSel"="C:\\Programme\\Realtek\\InstallShield\\AzMixerSel.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATSwpNav"="\"C:\\Programme\\Fingerprint Sensor\\ATSwpNav\" -run"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"LaunchAp"="\"C:\\Programme\\Launch Manager\\LaunchAp.exe\""
"CtrlVol"="\"C:\\Programme\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programme\\Launch Manager\\OSD.exe\""
"Wbutton"="\"C:\\Programme\\Launch Manager\\Wbutton.exe\""
"OmniPass"="C:\\Programme\\Softex\\OmniPass\\scureapp.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
@=""
"SSBkgdUpdate"="\"C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"HotkeyApp"="\"C:\\Programme\\Launch Manager\\HotkeyApp.exe\""
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"RemoteControl"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"*___MsiRebootRequired___"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Alcmtr"="ALCMTR.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"BrMfcWnd"="C:\\Programme\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\\Programme\\Brother\\ControlCenter3\\brctrcen.exe /autorun"
"SmartSync - ScheduleSync"="C:\\PROGRA~1\\MOBILE~1\\SMARTS~1\\SCHEDU~1.EXE"
"TrueImageMonitor.exe"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"IndexSearch"="\"C:\\Programme\\ScanSoft\\PaperPort\\IndexSearch.exe\""
"PaperPort PTD"="\"C:\\Programme\\ScanSoft\\PaperPort\\pptd40nt.exe\""
"Autorun Eater"="C:\\Programme\\Autorun Eater\\oldmcdonald.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TimounterMonitor"
"hkey"="HKLM"
"command"="C:\\Programme\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrueImageMonitor"
"hkey"="HKLM"
"command"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
eapsvcs REG_MULTI_SZ eaphost\0\0
dot3svc REG_MULTI_SZ dot3svc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
napagent
hkmsvc


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06f12370-8469-11da-8d7d-000ae4ae10e3}]
Shell\AutoRun\command I:\preinst.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b94bf5e-ef59-11dc-bc5d-000ae4ae10e3}]
shell\verb1\command desktop.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71ed4c93-1fad-11da-870b-00038a000015}]
Shell\AutoRun\command appsetup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_MBAMSWISSARMY


-- End of ComboScan: finished at 2008-11-24 at 21:26:16 -------------------------

And here is the log from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 21:28:12, on 24.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Fingerprint Sensor\ATSwpNav.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Softex\OmniPass\scureapp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATSwpNav] "C:\Programme\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {DAA3903C-AC88-4D16-B050-F21EB1F79BE6} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126091180221
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: OPXPGina - C:\Programme\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Programme\Softex\OmniPass\Omniserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


But there is stuff on it that I deleted a long time ago, like TU 2006

And the HijackThis Uninstall Manager


ACDSee 32
Adobe Flash Player 9 ActiveX
Adobe Reader 7.1.0 - Deutsch
Arles Image Web Page Creator 4.93
AT Navigation Control
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
Autorun Eater v2.2
Avira AntiVir Personal - Free Antivirus
Battlefield 2(TM)
BearShare
Brother MFL-Pro Suite
DAEMON Tools
DivX Player
DivX Pro
DivX Web Player
FaceFilter Studio Brother Edition
FLV Player 1.3.3
Free KGB Key Logger
Google Earth
Grand Theft Auto San Andreas
High Definition Audio Driver Package - KB888111
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
HijackThis 1.99.1
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows XP (KB952287)
hp LaserJet 1010 Series
ICQ Toolbar
ICQ6
J2SE Runtime Environment 5.0 Update 4
Launch Manager V1.2.4
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Medion GoPal Assistant 4.00.0003
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft AutoRoute 2005
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows-Journal-Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite-Add-Ins für Microsoft Word
Mobile Modem Assistant
Mobile Phone Manager
Mozilla Firefox (2.0.0.12)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
OmniPass
Paint Shop Pro 6.0 Evaluation
PaperPort Image Printer
PC Connectivity Solution
PowerCinema
PowerCinema Linux 4.7
PowerDVD
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
ScanSoft PaperPort 11
Setup-Start von Microsoft Works 2005
Shockwave
Sicherheitsupdate für Step by Step Interactive Training (KB898458)
Sicherheitsupdate für Step by Step Interactive Training (KB923723)
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Media Player 10 (KB911565)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 10 (KB936782)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Skype 2.0
SmartSync
Sygate Personal Firewall
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TuneUp Utilities 2008
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
VideoLAN VLC media player 0.8.1
Viewpoint Media Player
WIDCOMM Bluetooth Software
Windows Genuine Advantage v1.3.0254.0
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Player 10 Hotfix - KB894476
Windows XP Service Pack 3
Windows-Sicherungsprogramm
WinRAR
Wolfenstein - Enemy Territory
X10 Hardware(TM)


So AntiVir detects the trojan but Malware (Malwarebytes) just doesn't?? Should I delete it with AntiVir or quarantine it?
