
Could someone here please help me to remove Virtumonde?



xpatze85x
2008-04-12, 05:50
Could someone here please help me to remove Virtumonde? Thanks a lot!

I already tried to remove Virtumonde using Spybot and a few other removal tools I found on the internet, without success :(

Here's my ComboFix logfile:

ComboFix 08-04-11.5 - Patze 2008-04-12 5:32:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1259 [GMT 2:00]
ausgeführt von:: C:\Users\Patze\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Patze\AppData\Roaming\inst.exe
C:\Windows\install.exe
C:\Windows\system32\cbXOHArR.dll
C:\Windows\system32\efcYPggG.dll
C:\Windows\system32\FTPx.dll
C:\Windows\System32\GggPYcfe.ini
C:\Windows\System32\GggPYcfe.ini2
C:\Windows\system32\MabryObj.dll
C:\Windows\system32\nnnoPFXR.dll
C:\Windows\System32\RrAHOXbc.ini
C:\Windows\System32\RrAHOXbc.ini2

.
((((((((((((((((((((((( Dateien erstellt von 2008-03-12 bis 2008-04-12 ))))))))))))))))))))))))))))))
.

2008-04-11 06:20 . 2008-04-11 06:30 524,288 --ahs---- C:\ntuser.dat{5a18a0ef-077e-11dd-a540-001b2401e567}.TMContainer00000000000000000002.regtrans-ms
2008-04-11 06:20 . 2008-04-11 06:30 524,288 --ahs---- C:\ntuser.dat{5a18a0ef-077e-11dd-a540-001b2401e567}.TMContainer00000000000000000001.regtrans-ms
2008-04-11 06:20 . 2008-04-11 06:30 65,536 --ahs---- C:\ntuser.dat{5a18a0ef-077e-11dd-a540-001b2401e567}.TM.blf
2008-04-11 06:16 . 2008-04-11 06:16 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-10 22:32 . 2008-04-11 06:16 <DIR> d-------- C:\VundoFix Backups
2008-04-10 22:28 . 2008-04-11 06:20 262,144 --a------ C:\ntuser.dat
2008-04-10 22:28 . 2008-04-11 06:20 5,120 --ah----- C:\ntuser.dat.LOG1
2008-04-10 22:28 . 2008-04-11 06:20 0 --ah----- C:\ntuser.dat.LOG2
2008-04-10 21:15 . 2008-04-10 21:15 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-10 20:58 . 2008-04-11 06:25 199 --a------ C:\Windows\wininit.ini
2008-04-09 06:24 . 2007-03-12 23:34 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-04-09 06:24 . 2007-03-12 23:34 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-04-09 06:24 . 2007-03-12 23:34 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-04-06 10:58 . 2008-04-06 10:58 <DIR> d-------- C:\TEMP
2008-04-06 07:06 . 2008-04-10 21:41 <DIR> d-------- C:\Program Files\Trillian
2008-03-24 12:57 . 2007-08-24 20:44 101,504 -ra------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-03-24 12:57 . 2007-08-24 20:44 23,424 -ra------ C:\Windows\System32\drivers\ewdcsc.sys
2008-03-23 06:20 . 2008-04-01 05:49 <DIR> d-------- C:\Program Files\Mirage Interactive
2008-03-18 23:00 . 2008-03-18 23:00 <DIR> dr------- C:\Users\Public\Pictures
2008-03-18 22:51 . 2008-03-18 22:51 <DIR> d-------- C:\PerfLogs
2008-03-18 22:31 . 2008-03-18 22:04 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-03-18 22:31 . 2008-03-18 22:04 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-03-18 22:16 . 2008-01-19 00:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-03-18 22:16 . 2008-01-19 00:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-03-18 22:14 . 2008-01-19 00:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-03-18 22:14 . 2008-01-19 00:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-03-18 22:14 . 2008-01-19 00:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-03-18 22:10 . 2008-01-19 00:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-03-18 22:09 . 2008-01-18 23:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-03-18 22:05 . 2008-01-19 00:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-03-18 22:04 . 2008-03-18 22:32 196,608 --a------ C:\Windows\SPInstall.etl
2008-03-16 21:07 . 2008-03-16 21:07 <DIR> d-------- C:\Users\Patze\AppData\Roaming\Datel
2008-03-16 21:00 . 2008-03-16 21:00 <DIR> d-------- C:\Program Files\Datel
2008-03-14 22:10 . 2001-08-10 02:26 278,581 --a------ C:\Windows\System32\temp.001

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 20:29 --------- d-----w C:\Users\Patze\AppData\Roaming\Skype
2008-04-10 20:29 --------- d-----w C:\Users\Patze\AppData\Roaming\.purple
2008-04-10 19:42 --------- d-----w C:\Users\Patze\AppData\Roaming\skypePM
2008-04-10 19:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-09 21:00 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 19:25 --------- d-----w C:\Program Files\Soulseek
2008-04-09 18:56 --------- d-----w C:\Users\Patze\AppData\Roaming\uTorrent
2008-04-09 18:53 --------- d-----w C:\Users\Patze\AppData\Roaming\UseNeXT
2008-04-09 03:54 --------- d-----w C:\Users\Patze\AppData\Roaming\OpenOffice.org2
2008-04-09 03:51 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-04-08 20:05 --------- d-----w C:\Program Files\Opera
2008-04-06 15:43 --------- d-----w C:\Users\Patze\AppData\Roaming\Cabos
2008-04-06 15:25 --------- d-----w C:\Users\Patze\AppData\Roaming\gtk-2.0
2008-04-06 05:07 --------- d-----w C:\Users\Patze\AppData\Roaming\Trillian
2008-04-02 18:42 --------- d-----w C:\Program Files\Winamp
2008-04-02 17:57 --------- d-----w C:\Program Files\Pidgin
2008-04-01 03:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 03:53 --------- d-----w C:\Program Files\ANNO 1602 Königs-Edition
2008-03-28 06:08 --------- d-----w C:\Users\Patze\AppData\Roaming\Winamp
2008-03-24 10:57 --------- d-----w C:\Program Files\Mobile Partner
2008-03-22 17:29 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-22 17:26 --------- d-----w C:\Program Files\City Interactive
2008-03-22 11:42 --------- d-----w C:\Users\Patze\AppData\Roaming\Vso
2008-03-21 18:27 --------- d-----w C:\Program Files\UseNeXT
2008-03-19 05:50 --------- d-----w C:\Users\Patze\AppData\Roaming\Apple Computer
2008-03-19 05:48 --------- d-----w C:\Program Files\Java
2008-03-18 21:02 --------- d-----w C:\ProgramData\NVIDIA
2008-03-18 21:00 174 --sha-w C:\Program Files\desktop.ini
2008-03-18 20:52 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-18 20:52 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-18 20:52 --------- d-----w C:\Program Files\Windows Journal
2008-03-18 20:52 --------- d-----w C:\Program Files\Windows Defender
2008-03-18 20:52 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-18 20:52 --------- d-----w C:\Program Files\Windows Calendar
2008-03-12 20:41 18,816 ----a-w C:\Windows\system32\drivers\dvd43llh.sys
2008-03-12 20:41 --------- d-----w C:\Program Files\dvd43
2008-03-10 11:53 --------- d-----w C:\Users\Patze\AppData\Roaming\FileZilla
2008-03-10 10:38 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-03-10 09:26 --------- d-----w C:\ProgramData\Acronis
2008-03-10 09:05 114,048 ----a-w C:\Windows\system32\drivers\snapman.sys
2008-03-10 03:44 --------- d-----w C:\Program Files\CDBurnerXP
2008-03-05 13:36 --------- d-----w C:\Program Files\Flickr Uploadr
2008-03-03 18:08 --------- d-----w C:\Users\Patze\AppData\Roaming\AVSMedia
2008-03-03 18:08 --------- d-----w C:\ProgramData\AVS4YOU
2008-03-03 18:07 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-03-03 17:36 --------- d-----w C:\Users\Patze\AppData\Roaming\SlySoft
2008-03-03 17:35 --------- d-----w C:\Program Files\SlySoft
2008-03-03 16:21 --------- d-----w C:\ProgramData\Faroo
2008-03-03 14:57 --------- d-----w C:\Users\Patze\AppData\Roaming\vlc
2008-03-03 14:56 --------- d-----w C:\Program Files\VideoLAN
2008-03-03 03:10 182,272 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-03-02 16:16 47,360 ----a-w C:\Users\Patze\AppData\Roaming\pcouffin.sys
2008-03-02 16:16 --------- d-----w C:\Program Files\VSO
2008-03-02 11:27 --------- d-----w C:\Program Files\Rockstar Games
2008-03-02 10:32 --------- d-----w C:\ProgramData\FLEXnet
2008-03-02 10:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 10:10 --------- d-----w C:\Program Files\Bonjour
2008-03-02 09:49 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-02 07:14 --------- d-----w C:\Program Files\Cabos
2008-03-02 07:06 --------- d-----w C:\Program Files\Mp3tag
2008-02-28 06:56 --------- d-----w C:\Program Files\Google
2008-02-27 05:57 --------- d-----w C:\Program Files\BurnAware Free Edition
2008-02-26 20:05 --------- d-----w C:\Users\Patze\AppData\Roaming\Mp3tag
2008-02-26 20:05 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-26 20:05 --------- d-----w C:\Program Files\IrfanView
2008-02-26 03:58 --------- d-----w C:\ProgramData\RapidSolution
2008-02-26 03:53 --------- d-----w C:\Users\Patze\AppData\Roaming\Tunebite
2008-02-26 03:51 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-02-16 15:10 --------- d-----w C:\Users\Patze\AppData\Roaming\Flickr
2008-02-09 15:38 118,784 ----a-w C:\Windows\GREUninstall.exe
2008-02-05 10:23 41,662 ----a-w C:\Users\Patze\AppData\Roaming\nvModes.dat
2008-01-18 22:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-18 22:33 58,880 ----a-w C:\Windows\bfsvc.exe
2008-01-18 22:33 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-18 22:33 498,176 ----a-w C:\Windows\HelpPane.exe
2008-01-18 22:33 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-18 22:33 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
2008-01-18 22:33 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
2008-01-18 22:33 2,927,104 ----a-w C:\Windows\explorer.exe
2008-01-18 22:33 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-18 22:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-18 22:33 151,040 ----a-w C:\Windows\notepad.exe
2008-01-18 22:33 134,656 ----a-w C:\Windows\regedit.exe
2008-01-18 22:33 13,312 ----a-w C:\Windows\fveupdate.exe
2007-11-16 06:36 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-16 06:36 32 ----a-w C:\ProgramData\ezsid.dat
2007-09-28 04:54 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-11-15 18:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-15 18:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-15 18:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
"NoWinKeys"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.disabled.CommonStartup
backupExtension=.CommonStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"VistaBatterySaver"=C:\Program Files\SharpSoft\Vista Battery Saver\VistaBatterySaver.exe
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"Netlog 24"=C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"hpWirelessAssistant"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"WAWifiMessage"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"MSServer"=rundll32.exe C:\Windows\system32\jkkIYpqn.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2098635691-1080314887-2681120547-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2C39D332-4EA6-48DA-BBC6-926271695AAA}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{9E8E276D-5529-42A8-B92D-08942E8FB1F9}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{FC4C9F5E-5107-4DCB-81FF-AEF2FF4830FE}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"{2E9E4349-B731-4ADB-8AEA-7BD9635E1CD2}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"TCP Query User{774E871D-11EB-4568-9CD0-238C8C1BC4E2}C:\\program files\\last.fm\\lastfm.exe"= UDP:C:\program files\last.fm\lastfm.exe:Last.fm
"UDP Query User{9C5AE140-6ABC-44A8-A8D2-9F3DB594B1D6}C:\\program files\\last.fm\\lastfm.exe"= TCP:C:\program files\last.fm\lastfm.exe:Last.fm
"{93F88402-7474-4D8D-B46A-1FAB5EE45C5C}"= UDP:C:\Program Files\Pidgin\pidgin.exe:pidgin
"{03CD0568-1075-45FE-AD53-5AEC396092BA}"= TCP:C:\Program Files\Pidgin\pidgin.exe:pidgin
"{5E3BA106-7349-4081-BBE1-E025635297C0}"= Disabled:UDP:11265:messenger
"TCP Query User{BB10D81E-5206-4CF3-8CCC-B431D693A608}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{2580B94B-7A0A-48CE-B944-64595CCA5403}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"{562AE918-0ABF-431E-9DF2-66425816AEEE}"= UDP:18574:SLSK
"TCP Query User{7DE6747E-CCEA-413E-9CA2-8546531CEE5D}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3C3423F5-8848-47C3-B248-818DF6096E14}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{32838A2B-74FB-43A2-BCA0-04B970CFA459}"= Disabled:UDP:6891:MSN
"TCP Query User{521FA752-CA0F-4428-89B6-67BDC35A1C94}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{71B9E007-05F9-4B1D-BE77-D35312B777A9}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek
"{8A5D3087-D14E-455A-B4F2-B164C322EBEA}"= UDP:5000:AresChatServer
"{C39C99CD-0B37-4F1B-AC50-8AA17F1C2703}"= Profile=Private|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2131BEFF-972B-42E2-A4AF-C55DA9AF2789}C:\\program files\\amsn\\bin\\wish.exe"= Disabled:UDP:C:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{0863D994-A539-4ED5-9AC1-3BD6CF0F7CE5}C:\\program files\\amsn\\bin\\wish.exe"= Disabled:TCP:C:\program files\amsn\bin\wish.exe:Wish Application
"TCP Query User{4FFCDB83-4393-447B-A9AC-52F31EF6383E}C:\\program files\\miranda im\\miranda32.exe"= Disabled:UDP:C:\program files\miranda im\miranda32.exe:Miranda IM
"UDP Query User{691C2A12-6A6C-4263-AA3C-A647B4A125F2}C:\\program files\\miranda im\\miranda32.exe"= Disabled:TCP:C:\program files\miranda im\miranda32.exe:Miranda IM
"{D0965D58-0DD8-4D29-95F3-8F883DC6953E}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{41BAA81D-1AD0-452F-9E05-29981C227D0E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4A39C257-1AA9-4C7B-9C4A-9C05BDF22465}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{83DEEA14-1893-416F-85E2-BF92903F12CA}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{7C7E678D-3BF3-41CB-AAF3-D5312E892D30}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{31E2BBD2-01A4-48B1-83B2-E8B227B961E0}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{79A32264-2860-4B2D-B65F-B8B8109A0FC1}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{0C275752-0B2A-4510-86AE-ADBD05AB4798}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{8BEC047F-CCE1-4AAD-9F25-54A8EB23C166}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{7985AA08-39F1-45CC-964C-76946C90C131}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8F74092D-E435-467C-8C52-CBD9F30E9981}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4CB904A4-6BDA-449E-BBB0-8E8374513DA5}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{03924778-4924-4DFB-9EF2-A40AB424B98B}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{311F3D7C-7614-4FF7-AC12-A194BDC784B1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B8FDBA03-3995-4588-B313-5EA19797F6C0}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{7EEF21EB-B614-4E7B-B0CB-FE117CD55F5D}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{3AE977A0-57CA-4A92-95E5-98ABC1E939AF}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{4B67E1FE-08F6-4CBA-8E6B-ABEDC65C192E}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{BC8ACEEA-23A0-4EC8-8FA8-C387F151901B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A0235DD7-15F7-46A7-A455-7E0D06CC2B23}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B6F4F940-3008-4B98-BEE6-751AD94BC389}"= UDP:5000:AresChatServer
"{F16D4345-2956-402C-9D30-148A89935B0F}"= UDP:C:\Program Files\Omemo\Omemo.exe:Omemo
"{7F73EACD-7D4E-4EA8-87A6-4A4220823DCD}"= TCP:C:\Program Files\Omemo\Omemo.exe:Omemo
"{27C910F2-7F4B-4D0B-975B-BC2551E2A963}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{9B829379-9D29-4EBF-85B7-FCC7CB78B1BC}"= Disabled:TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{5BD2C2A0-3581-47CA-8A0B-2089A9C7CB28}"= UDP:C:\Program Files\ApexDC++\ApexDC.exe:ApexDC++ - Pinnacle of File Sharing
"{7D4DF148-0E18-4CCA-9E12-D6790AC302B1}"= TCP:C:\Program Files\ApexDC++\ApexDC.exe:ApexDC++ - Pinnacle of File Sharing
"{96A47FB3-09C2-4174-9375-4F33A5B9A4BE}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{866202CC-1BDE-4F71-A020-4CCC08915AF9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{D8108E2A-4AC8-4059-82C0-BEE979FA87DB}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{63975B0B-8A0B-4DFA-8B02-E873689B60EC}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{B56DEC9D-4FE2-43FF-8E94-DE778781418A}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C5636F9E-89A1-472A-8274-57126C1F29AF}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox

R2 ACEDRV06;ACEDRV06;C:\Windows\system32\drivers\ACEDRV06.sys [2007-12-11 17:52]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 07:27]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 05:10]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 10:44]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 23:31]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 23:31]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" []
S3 AF15BDA;AF9015 BDA Filter;C:\Windows\system32\Drivers\AF15BDA.sys [2006-07-27 11:02]
S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 18:20]
S3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 14:54]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 14:54]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 14:54]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-11-01 09:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c62a21-7b3b-11dc-94ff-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c62a22-7b3b-11dc-94ff-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200a69b3-b820-11dc-bd65-001b2401e567}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42b1c041-8d46-11dc-beaa-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42b1c042-8d46-11dc-beaa-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{499160b4-8464-11dc-89c1-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{499160b5-8464-11dc-89c1-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b317efb-75c0-11dc-851f-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b317efc-75c0-11dc-851f-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6766a0ce-c1f7-11dc-a76b-001b2401e567}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6766a0cf-c1f7-11dc-a76b-001b2401e567}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cf1fbcc-8f90-11dc-aae1-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cf1fbcd-8f90-11dc-aae1-001b2401e567}]
\shell\AutoRun\command - H:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71a5b081-62ad-11dc-9aec-001a6b20fda5}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71a5b08e-62ad-11dc-9aec-001a6b20fda5}]
\shell\AutoRun\command - H:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72a0e74a-c4b8-11dc-bf2a-001b2401e567}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8737beb5-844f-11dc-9db7-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8737beb6-844f-11dc-9db7-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d626280c-6237-11dc-ab97-001a6b20fda5}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d626280d-6237-11dc-ab97-001a6b20fda5}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6262818-6237-11dc-ab97-001a6b20fda5}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6262819-6237-11dc-ab97-001a6b20fda5}]
\shell\AutoRun\command - H:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db717308-f324-11dc-b668-001b2401e567}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcc19129-f96e-11dc-befa-001b2401e567}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f022cae5-0004-11dd-bed9-806e6f6e6963}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f022cb0e-0004-11dd-bed9-001b2401e567}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2b56b83-8851-11dc-9465-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2b56b84-8851-11dc-9465-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f721f32a-98f2-11dc-984a-806e6f6e6963}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb7fe951-98bd-11dc-8758-001b2401e567}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb7fe952-98bd-11dc-8758-001b2401e567}]
\shell\AutoRun\command - G:\AutoRun.exe

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 05:41:03
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-04-12 5:45:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 03:45:32
19 Verzeichnis(se), 52,200,558,592 Bytes frei
30 Verzeichnis(se), 53,868,314,624 Bytes frei
.
2008-04-09 19:34:20 --- E O F ---

xpatze85x
2008-04-12, 05:58
Ah, and here's my HijackThis logfile, if you need that too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:57:00, on 12.04.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197007131189
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4398F18-E0FB-475E-9AC1-3AC631A9FE1B}: NameServer = 83.224.65.134 83.224.66.134
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5501 bytes