TR/Crypt.XPACK.Gen von AntiVir gefunden

#1 Hallo,

da ich weiß das ihr die besten seits komm ich gleich zu euch:
Hab mir da was eingefangen, weil ich einmal geglaubt habe das es ok ist... aber so wies ausschaut wurde die oebb.at seite selber gehackt
Naja ich hab dann diesen AntiVir360 installiert und ne halbe stunde drauf schlug AntiVir Alarm: TR/Crypt.XPACK.Gen gefunden in:
c:\Windows\system32\reyeyato.dll
c:\windows\system32\humimeku.dll

Das Log vom Malwarebytes ist angehängt und das vom Combofix gibt es hier:

Zitat

ComboFix 08-12-13.03 - *----* 2008-12-14 4:15:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1023.530 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\*----*\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\IE4 Error Log.txt
c:\windows\system32\ayoruton.ini
c:\windows\system32\bodulava.dll
c:\windows\system32\buhabova.dll
c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx
c:\windows\system32\drivers\npf.sys
c:\windows\system32\kopafunu.dll
c:\windows\system32\noturoya.dll
c:\windows\system32\packet.dll
c:\windows\system32\pehoneyo.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tugorola.dll
c:\windows\system32\unufapok.ini
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\yajorupo.dll
c:\windows\system32\zuwonoki.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2008-11-14 bis 2008-12-14 ))))))))))))))))))))))))))))))
.

2008-12-14 00:49 . 2008-12-14 00:49 <DIR> d-------- c:\dokumente und einstellungen\*-------*\Anwendungsdaten\Malwarebytes
2008-12-14 00:48 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 00:47 . 2008-12-14 00:48 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware
2008-12-14 00:47 . 2008-12-14 00:47 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-12-14 00:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 13:31 . 2008-12-13 13:32 <DIR> d-------- c:\programme\A360_
2008-12-12 15:38 . 2001-08-18 04:22 12,288 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-12 15:38 . 2001-08-18 04:22 12,288 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-12 15:37 . 2008-12-12 15:37 <DIR> d-------- c:\programme\Vision Objects
2008-12-12 15:35 . 2008-12-12 15:35 <DIR> d-------- c:\programme\MyInk
2008-12-12 15:34 . 2008-12-12 15:34 <DIR> d-------- c:\programme\Power Presenter RE
2008-12-12 15:34 . 2008-12-12 16:03 <DIR> d-------- c:\programme\Free Notes & Office Ink
2008-12-12 15:32 . 2008-12-12 15:32 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tablet
2008-12-08 20:19 . 2008-12-08 20:19 268 --ah----- C:\sqmdata15.sqm
2008-12-08 20:19 . 2008-12-08 20:19 256 --ah----- C:\sqmdata16.sqm
2008-12-08 20:19 . 2008-12-08 20:19 244 --ah----- C:\sqmnoopt16.sqm
2008-12-08 20:19 . 2008-12-08 20:19 244 --ah----- C:\sqmnoopt15.sqm
2008-12-08 00:11 . 2008-01-31 16:19 15,872 --a------ C:\sudppipe.exe
2008-12-07 23:44 . 2005-01-05 22:50 1,410,560 --a------ c:\windows\system32\cc3260.dll
2008-12-07 23:44 . 2005-01-05 22:50 1,410,560 --a------ c:\windows\system\cc3260.dll
2008-12-04 17:23 . 2008-12-04 17:23 <DIR> d-------- c:\windows\.jagex_cache_32
2008-12-04 17:23 . 2008-12-04 17:32 31 --a------ c:\dokumente und einstellungen\*------*\jagex_runescape_preferences.dat
2008-11-30 23:08 . 2008-11-30 23:08 256 --ah----- C:\sqmdata14.sqm
2008-11-30 23:08 . 2008-11-30 23:08 244 --ah----- C:\sqmnoopt14.sqm
2008-11-30 23:07 . 2008-11-30 23:07 268 --ah----- C:\sqmdata13.sqm
2008-11-30 23:07 . 2008-11-30 23:07 244 --ah----- C:\sqmnoopt13.sqm
2008-11-27 21:46 . 2008-11-27 22:12 <DIR> d-------- c:\programme\Desktop Control Center 1000
2008-11-27 21:33 . 2008-11-27 21:38 <DIR> d-------- c:\programme\AN QuickNote
2008-11-27 21:33 . 2008-12-11 00:02 <DIR> d-------- c:\dokumente und einstellungen\*-------*\Anwendungsdaten\QuickNote
2008-11-27 21:33 . 2007-04-04 04:47 787,510 --a------ c:\windows\QuickNote.bmp
2008-11-27 21:33 . 1998-07-05 23:00 16,896 --a------ c:\windows\system32\winskde.dll
2008-11-26 19:07 . 2004-03-25 12:23 1,474,560 --a------ C:\WIN98C.IMG
2008-11-26 00:35 . 2008-11-26 00:35 <DIR> d-------- c:\dokumente und einstellungen\*-----*\Anwendungsdaten\FLVPlayer4Free
2008-11-25 17:29 . 2008-11-25 17:29 <DIR> d-------- c:\dokumente und einstellungen\*-----*\Anwendungsdaten\OpenOffice.org
2008-11-25 17:23 . 2008-11-25 17:23 <DIR> d-------- c:\programme\OpenOffice.org 3
2008-11-25 17:23 . 2008-11-25 17:23 <DIR> d-------- c:\programme\JRE
2008-11-19 14:57 . 2008-11-19 15:05 <DIR> d-------- C:\vBus-Server
2008-11-18 22:26 . 2008-11-18 22:27 <DIR> d-------- C:\Backup_Server
2008-11-17 20:56 . 2008-11-17 20:56 <DIR> d-------- c:\programme\Gemeinsame Dateien\Apple
2008-11-17 20:53 . 2008-11-17 20:53 <DIR> d-------- c:\programme\Apple Software Update
2008-11-17 20:53 . 2008-11-17 20:53 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2008-11-15 13:59 . 2008-11-15 14:08 <DIR> d-------- c:\programme\flatster
2008-11-15 13:59 . 2002-02-18 03:58 98,304 --a------ c:\windows\system32\unzip32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 12:04 --------- d-----w c:\dokumente und einstellungen\*-----*\Anwendungsdaten\Skype
2008-12-14 12:02 --------- d-----w c:\programme\DesktopEarth
2008-12-14 12:01 --------- d-----w c:\dokumente und einstellungen\*-----*\Anwendungsdaten\VMware
2008-12-14 11:59 --------- d-----w c:\dokumente und einstellungen\LocalService\Anwendungsdaten\VMware
2008-12-14 11:59 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\VMware
2008-12-14 02:52 --------- d-----w c:\dokumente und einstellungen\*-----*\Anwendungsdaten\skypePM
2008-12-14 02:50 --------- d-----w c:\programme\DynDNS Updater
2008-12-13 14:24 --------- d-----w c:\programme\xampp
2008-12-12 16:46 20 ---h--w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLdu.DAT
2008-12-12 14:37 --------- d--h--w c:\programme\InstallShield Installation Information
2008-12-09 21:15 --------- d-----w c:\programme\DScaler
2008-12-04 17:31 --------- d-----w c:\programme\Azureus
2008-12-04 17:30 --------- d-----w c:\dokumente und einstellungen\*-----*\Anwendungsdaten\Azureus
2008-12-04 17:06 --------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2008-11-26 12:49 --------- d-----w c:\programme\WinTV
2008-11-26 12:43 --------- d-----w c:\programme\RagTime 6
2008-11-26 12:43 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\RagTime
2008-11-25 23:35 --------- d-----w c:\programme\FLVPlayer4Free
2008-11-25 16:23 --------- d-----w c:\programme\Java
2008-11-20 11:49 --------- d-----w c:\programme\Microsoft ActiveSync
2008-11-19 09:48 2,516 --sha-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2008-11-17 19:57 --------- d-----w c:\programme\QuickTime
2008-11-17 19:56 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-11-13 09:33 --------- d-----w c:\dokumente und einstellungen\*-----*\Anwendungsdaten\Audacity
2008-11-12 13:58 --------- d-----w c:\dokumente und einstellungen\*-----*\Anwendungsdaten\Nikon
2008-11-12 13:57 --------- d-----w c:\programme\Gemeinsame Dateien\Nikon
2008-11-12 13:55 --------- d-----w c:\programme\Nikon
2008-11-12 13:55 --------- d-----w c:\programme\Gemeinsame Dateien\muvee Technologies
2008-11-12 13:55 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nikon
2008-11-12 13:54 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ultima_T15
2008-11-12 13:54 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\EnterNHelp
2008-11-12 13:54 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Configure Folder Actions
2008-11-10 08:12 --------- d-----w c:\programme\Microsoft Visual Studio 9.0
2008-11-10 08:12 --------- d-----w c:\programme\Business Objects
2008-11-10 08:11 --------- d-----w c:\programme\Microsoft Device Emulator
2008-11-10 08:10 --------- d-----w c:\programme\Windows Mobile 5.0 SDK R2
2008-11-10 08:08 --------- d-----w c:\programme\Microsoft Synchronization Services
2008-11-10 08:08 --------- d-----w c:\programme\Microsoft SQL Server Compact Edition
2008-11-10 08:07 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-11-10 08:03 --------- d-----w c:\programme\Gemeinsame Dateien\Merge Modules
2008-11-10 07:49 --------- d-----w c:\programme\Microsoft SDKs
2008-11-10 07:34 --------- d-----w c:\programme\Microsoft Web Designer Tools
2008-11-10 07:31 --------- d-----w c:\programme\Reference Assemblies
2008-11-09 23:04 --------- d-----w c:\programme\MSECACHE
2008-11-09 15:31 --------- d-----w c:\programme\Windows Installer Clean Up
2008-11-07 10:28 --------- d-----w c:\programme\Eurekr.com
2008-10-29 23:46 --------- d-----w c:\programme\WinSCP
2008-10-28 22:45 --------- d-----w c:\programme\FSAcars
2008-10-24 13:08 --------- d-----w c:\dokumente und einstellungen\*-----*\Anwendungsdaten\Notepad++
2008-10-24 12:59 --------- d-----w c:\programme\Notepad
2008-10-23 19:22 --------- d-----w c:\dokumente und einstellungen\*-----*\Anwendungsdaten\dvdcss
2008-10-15 12:52 --------- d-----w c:\programme\VirtualDJ
2008-09-30 10:22 8 --sh--r c:\dokumente und einstellungen\All Users\Anwendungsdaten\697E05746D.sys
2007-06-28 13:05 0 -c--a-w c:\programme\Microsoft
2007-04-03 18:12 119 -csh--w c:\windows\cnerolf.dat
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 -csh--r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 -csh--w c:\windows\system32\Smab0.dll
2007-11-26 19:13 52,021,792 -csha-w c:\windows\system32\drivers\fidbox.dat
2007-11-26 19:13 3,291,680 -csha-w c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ c:\programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ c:\programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ c:\programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ c:\programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ c:\programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ c:\programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ c:\programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"CurseClient"="c:\programme\Curse\CurseClient.exe" [2008-09-26 4728832]
"ICQ"="c:\programme\ICQ6\ICQ.exe" [2008-09-01 173304]
"QuickNote"="c:\programme\AN QuickNote\QuickNote.exe" [2007-04-04 454656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiagAP8169"="c:\programme\MSI\LAN Utility\DiagAP8169" [X]
"DAEMON Tools-1033"="c:\programme\D-Tools\daemon.exe" [2004-08-22 81920]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"CloneCDTray"="c:\programme\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LifeCam"="c:\programme\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VersionCheck"="c:\programme\Onlineeye Pro\vcheck.exe" [2005-08-27 167936]
"OnlineTime"="c:\programme\onlineeye pro\onlineeye.exe" [2005-12-14 876639]
"LifeChat"="c:\programme\Microsoft LifeChat\LifeChat.exe" [2007-01-26 259440]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"PWRISOVM.EXE"="c:\programme\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"vmware-tray"="c:\programme\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 72240]
"VMware hqtray"="c:\programme\VMware\VMware Workstation\hqtray.exe" [2007-10-08 55856]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DIRC"="c:\programme\DIRC\DIRC.exe" [2006-08-16 607744]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-12-31 15360]

c:\dokumente und einstellungen\*-----*\Startmen�\Programme\Autostart\
Allzeit Atomzeit (leise, 3 Min. verz”gert).lnk - c:\programme\Allzeit Atomzeit\Atomzeit.exe [2007-03-15 78848]
DesktopEarth AutoStart.lnk - c:\dokumente und einstellungen\*-----*\Anwendungsdaten\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2007-12-24 29926]
OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Verkn�pfung mit Zeitsignal.lnk - c:\programme\Allzeit Zeitsignal\Zeitsignal.exe [2005-05-07 45056]
WTVIRBridge.lnk - c:\dirc\WTVIRBridge\WTVIRBridge.exe [2008-02-17 401920]

c:\dokumente und einstellungen\All Users\Startmen�\Programme\Autostart\
My Ink Resident.lnk - c:\programme\MyInk\My Ink Resident.exe [2008-12-12 36864]
Nikon Monitor.lnk - c:\programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe [2008-08-07 479232]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\programme\Desktop Control Center 1000\ControlCenter1000.htm
FriendlyName= Desktop Control Center 1000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\MSN Messenger\\livecall.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Curse\\CurseClient.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5999:UDP"= 5999:UDP:MaxiVista Server
"606:TCP"= 606:TCP:VoIP On-Hold Server
"84:TCP"= 84:TCP:VRS Recording System Web Control Panel
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"81:TCP"= 81:TCP:Axon Web Server
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5071:UDP"= 5071:UDP:Express Talk Sip Incoming Calls (UDP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-02-03 40960]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-02-03 27808]
R2 Apache2.2;Apache2.2;"c:\programme\xampp\apache\bin\apache.exe" -k runservice [2006-08-13 16896]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\DRIVERS\LANPkt.sys [2007-03-11 8440]
R2 Synergy Server;Synergy Server;c:\programme\Synergy\synergys.exe [2006-04-02 733184]
R2 WebDriveFSD;WebDrive File System Driver;\??\c:\programme\NetDrive\rffsd.sys [2008-10-01 67032]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s []
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2008-02-10 10368]
R3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys [2007-03-11 11266]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys [2007-03-11 11841]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2007-03-11 137793]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2007-03-11 605572]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2007-03-11 27524]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-01-23 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-01-23 28800]
S2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\SDK\lib\appservService.exe "\"c:\sun\SDK\bin\asadmin.bat\" start-domain --user admin domain1" "\"c:\sun\SDK\bin\asadmin.bat\" stop-domain domain1\" []
S2 XAMPP;XAMPP Service;c:\programme\xampp\service.exe [2006-10-23 60928]
S3 DLPortIO;DriverLINX Port I/O Driver;\??\c:\windows\system32\DRIVERS\DLPortIO.SYS [2000-06-29 3584]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-01-22 13352]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-12-17 28672]
S3 maxidemo;Maxi_Vista_Demo_Driver;c:\windows\system32\DRIVERS\maxidemo.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys []
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\system32\DRIVERS\VBoxTAP.sys [2008-02-03 47584]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2005-12-09 2799808]
S4 RFNP32;WebDrive Provider; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b520b6-cfec-11db-bee6-001109cdaf3e}]
\Shell\AutoRun\command - m:\.\AnywhereAIO.exe

*Newly Created Service* - DIAG69XP
.
Inhalt des "geplante Tasks" Ordners

2008-04-08 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2006-12-05 14:39]

2008-12-14 c:\windows\Tasks\{FFF25D04-0244-4374-A9C4-8007FC3607DC}_PETER_*-----*.job
- c:\windows\system32\mobsync.exe [2002-12-31 13:00]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-WinampAgent - c:\programme\Winamp\wianmpa.exe
HKLM-Run-WebDriveTray - c:\programme\NetDrive\webdrive.exe
Notify-AtiExtEvent - (no file)


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: &Winamp Toolbar Search - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\dokumente und einstellungen\*-----*\Startmenü\Programme\IMVU\Run IMVU.lnk
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\dokumente und einstellungen\*-----*\Startmenü\Programme\IMVU\Run IMVU.lnk -
TCP: {F4BF39D8-A776-4850-997F-9F20A5534237} = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\*-----*\Anwendungsdaten\Mozilla\Firefox\Profiles\y0ozyuyd.default\
FF - prefs.js: browser.startup.homepage - www.google.at
FF - plugin: c:\programme\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 12:59:34
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\RFNP32.DLL
c:\windows\system32\RFHelper.dll
c:\windows\system32\rfhres.dll
c:\programme\Synergy\synrgyhk.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\programme\Borland\InterBase\bin\ibguard.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programme\Microsoft LifeCam\MSCamS32.exe
c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programme\xampp\mysql\bin\mysqld-nt.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\programme\NetDrive\wdService.exe
c:\programme\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\ATWTUSB.EXE
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\programme\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\programme\DynDNS Updater\DynDNS.exe
c:\programme\Borland\InterBase\bin\ibserver.exe
c:\programme\TortoiseSVN\bin\TSVNCache.exe
c:\programme\MSI\LAN Utility\DiagAP8169.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\DesktopEarth\DesktopEarth.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\programme\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-12-14 13:14:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-12-14 12:14:01

Vor Suchlauf: 8.897.515.520 Bytes frei
Nach Suchlauf: 8,977,768,448 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin /usepmtimer

386

Mein Name wurde durch *-----* ersetzt!

Hijackthis:

Zitat

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:46, on 14.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\xampp\apache\bin\apache.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\xampp\apache\bin\apache.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Synergy\synergys.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programme\NetDrive\wdService.exe
C:\Programme\RealVNC\VNC4\winvnc4.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\DynDNS Updater\DynDNS.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\MSI\LAN Utility\DiagAP8169.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Programme\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\PowerISO\PWRISOVM.EXE
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\VMware\VMware Workstation\hqtray.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Programme\DIRC\DIRC.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\QuickTime\QTTask.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\AN QuickNote\QuickNote.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\MyInk\My Ink Resident.exe
C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe
C:\Programme\Allzeit Atomzeit\Atomzeit.exe
C:\Programme\DesktopEarth\DesktopEarth.exe
C:\Programme\Allzeit Zeitsignal\Zeitsignal.exe
C:\DIRC\WTVIRBridge\WTVIRBridge.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [DiagAP8169] C:\Programme\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VersionCheck] "C:\Programme\Onlineeye Pro\vcheck.exe"
O4 - HKLM\..\Run: [OnlineTime] "c:\programme\onlineeye pro\onlineeye.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Programme\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programme\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DIRC] C:\Programme\DIRC\DIRC.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Programme\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [QuickNote] C:\Programme\AN QuickNote\QuickNote.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Allzeit Atomzeit (leise, 3 Min. verzögert).lnk = C:\Programme\Allzeit Atomzeit\Atomzeit.exe
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Verknüpfung mit Zeitsignal.lnk = C:\Programme\Allzeit Zeitsignal\Zeitsignal.exe
O4 - Startup: WTVIRBridge.lnk = C:\DIRC\WTVIRBridge\WTVIRBridge.exe
O4 - Global Startup: My Ink Resident.lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\*----*\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://data.vroute.net
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4BF39D8-A776-4850-997F-9F20A5534237}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programme\xampp\apache\bin\apache.exe
O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - C:\Sun\SDK\lib\appservService.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Programme\DynDNS Updater\DynDNS.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe
O23 - Service: mysql - Unknown owner - C:\Programme\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Synergy Server - Unknown owner - C:\Programme\Synergy\synergys.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Programme\NetDrive\wdService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programme\RealVNC\VNC4\winvnc4.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Programme\xampp\service.exe
O24 - Desktop Component 1: Desktop Control Center 1000 - C:\Programme\Desktop Control Center 1000\ControlCenter1000.htm

--
End of file - 13973 bytes

Uninstall-List:

Zitat

1-Click YouTubeAssistant
32 Bit HP CIO Components Installer
A4Tech iWheelWorks 7.64
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements
Adobe Reader 8.1.2 - Deutsch
Adobe Shockwave Player
Adobe SVG Viewer
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Aircraft Container Manager V2.5
Airline Tycoon Evolution
AKH-Linz
Allzeit Atomzeit 2.00
AN QuickNote Version 4.4
Apple Software Update
ATCsimulator2 by AEROSOFT Corporation
Audacity 1.3.2 (Unicode)
AutoAtis v3.0.5
AutoCAD 2000 - Deutsch
Avira AntiVir Personal - Free Antivirus
AVRStudio4
Azureus
Borland C++Builder 6
Borland Delphi 2005 Personal Edition
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
Chartviewer
CloneCD
CloneDVD2
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang DE
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW(R) Graphics Suite X4
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
Cross-Country Soaring 2004 4.0
Crystal Reports Basic for Visual Studio 2008
Curse Client
DAEMON Tools
DANCE - die Tanzfigurendatenbank (nur Deinstallation)
DesktopEarth
Diablo
Diablo II
DIRC
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DScaler 4.1.15
Dungeon Siege
DVD Decrypter (Remove Only)
DVD Shrink 3.2 deutsch
DynDNS Updater 3.1
EAGLE 4.16r2
Easy Object Designer
EAX(tm) Unified (SHELL)
EMS SQL Manager 2005 for MySQL Lite
EPSON-Drucker-Software
eSpeak version 1.24
EuroScope
EVEREST Home Edition v2.20
EZNEC Demo v. 5.0
File Uploader
FileZilla Client 3.0.4.1
Final Fantasy VII
Final Fantasy VII XP Patch
FINAL FANTASY VIII
flatster
Flight Simulator Scenery Creator
FLVPlayer4Free Free FLV Player 3.2.0.0
FMS 1.1.0
Free Notes & Office Ink
FreePDF XP (Remove only)
FreeTrack v2.0
FS Panel Studio
FSAcars
FSFDT FSCopilot
FSFDT FSInn
FSFDT VIP Standard 2004
FSNavigator
GameShadow
Google Earth
Hardwar
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Radio
Hauppauge WinTV Scheduler
Hauppauge WinTV Soft PVR
Hauppauge WinTV Source Selector
Hauppauge WinTV2000
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB909394)
HP Photosmart Printer Driver Software 10.0.02
ICQ6
Indy 10 for Delphi 7
Inno Setup Version 5.1.6
innotek VirtualBox
InterBase 6.5
J2SE Runtime Environment 5.0 Update 11
Java DB 10.3.1.4
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 6
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
LAN Utility
Legacy 'The Luxury Aircraft Collection'
Leitstelle
Leitstelle 0.4.0
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire 4.10.0
Line Rider
Log 2004 1.4
Logox 4 Professional
Macromedia Dreamweaver 8
Macromedia Extension Manager
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Map24 Mobile - PocketPC
Map24 Mobile 2.0 - PocketPC
Messenger Plus! Live
Metro
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft .NET Framework SDK (German) 1.1
Microsoft ActiveSync
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005 Language Pack - DEU
Microsoft Document Explorer 2005 Language Pack - DEU
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft LifeChat
Microsoft Office 2003 Web Components
Microsoft Office Professional Edition 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [DEU] Developer Tools
Microsoft SQL Server 2005-Abwärtskompatibilität
Microsoft SQL Server 2005-Onlinedokumentation (Deutsch)
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - DEU
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
MidiNotate
Minimo
Miranda IM 0.7.1
Mozilla Firefox (3.0.4)
MSXML 6.0 Parser (KB927977)
Multisim 8 Trial
MyInk
MyPhoneExplorer
MyScript Notes
Nero Suite
NetDrive
Network Analyzer for Windows Mobile PPC Edition
Nikon Message Center
Nikon Transfer
Notepad++
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
Online Flight Manager v3 3.0
Online Manuals for WinTV (German)
Onlineeye Pro
OpenOffice.org 3.0
Opera 9.10
Paint.NET v3.22
Parallel Port Joystick
PonyProg2000 v2.06f
Power Presenter RE
PowerDVD
PowerISO
QuickTime
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
rnAvr
save2pc Pro Demo 3.46
screenPusher 1.3
Serious Sam 2
Silent Hunter II
Skype™ 3.8
Sony Ericsson PC Suite
Sound Club
SQLXML4
SUPER © Version 2008.bld.30 (Mar 22, 2008)
Synergy
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
Tools für Microsoft SQL Server 2005
TortoiseSVN 1.4.7.11792 (32 bit)
Total Commander (Remove or Repair)
Ultimate ZIP Cracker
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update Service
Updateratgeber für Microsoft SQL Server 2005 (Deutsch)
USB Tablet Manager
vasFMC 2.0a4
VideoLAN VLC media player 0.8.6a
Virtual DJ - Atomix Productions
VisiBroker for Cpp 4.5
VMware Workstation
VNC Free Edition 4.1.2
VRC
VTPlus32 für WinTV (German)
WiFiFoFum
Winamp
Winamp Toolbar
WinAVR 20071221rc1 (remove only)
WinAVR 20071221rc1 (remove only)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
WinPcap 3.1 beta3
WinRAR archiver
WinSCP 4.1.7
XAMPP 1.6.0a
Xfire (remove only)
Xvid 1.1.2 final uninstall
YS FLIGHT SIMULATION SYSTEM 2000
Zip Password Recovery Master

Thx!
Lg Peterus

#2 Loesche den Ordner c:\programme\A360_ und aktualisiere dein Windows dann ueber www.windowsupdate.com. Installiere alle wichtigen Updates, bis dir keine mehr angeboten werden!
__________
MfG Ralf
SEO-Spam Hunter