Help! SpyBot and similar programs don't work! Virus?

Sorry for the double post! (Spybot - Search & Destroy no longer works).

I thought it was only SpyBot that was causing problems for me. But I have just installed "Malwarebytes' Anti-Malware" and "SUPERAntiSpywarePro". With all three I get the same error message! NO (!!!) other programs show me these messages, only the anti-spyware programs.
That must be a virus that "doesn't want to be found"?
In Google I always have COUNTER.FASTKLICK.NET in the bar. That must be one of the reasons why I always get redirected to eBay, porn or some warez software in search results!
Can anyone help me? What can I do?!
 
Hello the_angry_banana,

use Combofix

Download it from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it as test.exe on the Desktop
Then close all windows, disable all background guards (AV and e.g. Spybot's TeaTimer), start the combofix.exe, read the information in the windows that appear and answer them with Yes.

The scan with Combofix can take some time, so be patient. Please do not do anything on the computer during the scan
It is possible that the computer will be restarted in between.
After the scan ends a report is shown; please copy it and paste it into your thread.
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

Always use a current version of Combofix, even if you downloaded "yours" only a day ago.
 
I can finally start Spybot and co.!!!! Thanks!!!! Is this the report?

ComboFix 09-05-24.07 - Pawel Wendt 25.05.2009 15:50:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1245 [GMT 2:00]
ausgeführt von:: C:\Users\Pawel Wendt\Desktop\ComboFix.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\gxvxcwpryufofvswuimxrxgigpwrfixteqpvm.sys
C:\Windows\system32\gxvxccounter
C:\Windows\system32\gxvxcsrqqxciorjcmbwixntibobsramrfxgnl.dll
C:\Windows\TEMP\logishrd\LVPrcInj01.dll
D:\desktop.ini
E:\desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((( Dateien erstellt von 2009-04-25 bis 2009-05-25 ))))))))))))))))))))))))))))))
.

2009-05-25 13:53:29 . 2009-05-25 13:55:30 0 d-----w C:\Users\Pawel Wendt\AppData\Local\temp
2009-05-25 13:25:03 . 2009-05-25 13:26:37 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\GetRightToGo
2009-05-25 13:10:19 . 2009-05-25 13:10:19 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\SUPERAntiSpyware.com
2009-05-25 13:10:19 . 2009-05-25 13:10:19 0 d-----w C:\Program Files\SUPERAntiSpyware
2009-05-25 13:10:12 . 2009-05-25 13:10:12 0 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-05-25 13:09:51 . 2009-04-06 13:32:46 15504 ----a-w C:\Windows\system32\drivers\mbam.sys
2009-05-25 13:09:49 . 2009-04-06 13:32:54 38496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2009-05-25 13:09:47 . 2009-05-25 13:09:53 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-05-25 13:09:47 . 2009-05-25 13:09:47 0 d-----w C:\ProgramData\Malwarebytes
2009-05-23 08:38:41 . 2009-05-23 08:38:49 0 d-----w C:\Program Files\Spybot - Search & Destroy
2009-05-22 14:55:54 . 2009-05-22 14:57:23 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2009-05-22 14:14:22 . 2009-05-22 14:14:22 0 d-----w C:\Program Files\7-Zip
2009-05-22 13:48:42 . 2009-05-22 13:48:42 0 d--h--r C:\Users\Pawel Wendt\AppData\Roaming\SecuROM
2009-05-22 13:48:41 . 2009-05-22 13:48:41 98304 ----a-w C:\Windows\system32CmdLineExt.dll
2009-05-22 13:30:18 . 2009-05-06 18:06:53 4784464 ----a-w C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8867E21A-1364-40ED-A7B3-791DB6787F04}\mpengine.dll
2009-05-22 13:27:25 . 2009-05-22 13:27:25 0 d-----w C:\Program Files\Alcohol Soft
2009-05-22 13:25:27 . 2009-05-22 13:25:27 721904 ----a-w C:\Windows\system32\drivers\sptd.sys
2009-05-14 17:43:38 . 2009-05-14 17:43:38 0 d-----w C:\Users\Pawel Wendt\AppData\Local\PowerDVDCox
2009-05-14 17:43:36 . 2009-05-14 17:43:36 0 d-----w C:\Users\Pawel Wendt\AppData\Local\PowerDVDCinema
2009-05-14 17:40:03 . 2009-05-14 17:40:03 0 d-----w C:\Users\Public\CyberLink
2009-05-14 17:39:26 . 2009-05-14 17:39:27 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\vlc
2009-05-14 17:33:51 . 2009-05-14 17:33:51 0 d-----w C:\Program Files\Common Files\CyberLink
2009-05-14 17:29:16 . 2009-05-14 18:16:59 29480 ----a-w C:\Windows\system32\msxml3a.dll
2009-05-14 17:29:00 . 2009-05-18 23:39:09 53319 ----a-w C:\ProgramData\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-14 12:33:08 . 2009-05-14 12:33:08 0 d-----w C:\Windows\Log
2009-05-14 12:31:49 . 2009-05-14 12:31:49 0 d-----w C:\Program Files\Common Files\Deterministic Networks
2009-05-14 12:31:48 . 2009-05-14 12:31:48 0 d-----w C:\Program Files\Cisco Systems
2009-05-13 17:51:39 . 2009-05-14 12:29:36 0 d-----w C:\Program Files\SpybotNeu
2009-05-09 18:00:32 . 2008-07-08 11:27:20 166400 ------w C:\Windows\system32\CTOPT352.dll
2009-05-09 18:00:32 . 2008-07-08 09:50:52 61440 ------w C:\Windows\system32\CTChkAud.dll
2009-05-09 17:05:15 . 2008-02-12 09:34:04 16618970 ------w C:\ProgramData\Creative\Media Toolbox6\AddOnPack.exe
2009-05-09 17:00:31 . 2009-05-09 17:03:36 37406376 ----a-w C:\ProgramData\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-05-09 17:00:04 . 2009-05-09 17:00:29 6657680 ----a-w C:\ProgramData\Creative\Software Update\cache\Creative SoundFont Bank Manager 3.21.00__\SFBM_PCAPP_LB_3_21_00.exe
2009-05-09 16:55:43 . 2009-05-09 16:59:53 62234496 ----a-w C:\ProgramData\Creative\Software Update\cache\Creative Console Launcher 2.61.09__\CSL_PCAPP_LB_2_61_09.exe
2009-05-09 16:55:22 . 2009-05-09 16:55:42 6280712 ----a-w C:\ProgramData\Creative\Software Update\cache\DTS Connect Pack for Sound Blaster X-Fi Titanium series 1.03.00__\DTS_PCAPP_LB_1_03_00.exe
2009-05-09 16:54:52 . 2009-05-09 16:55:20 8512328 ----a-w C:\ProgramData\Creative\Software Update\cache\Creative ALchemy 1.25.10__\ALMY_PCVTAPP_LB_1_25_10.exe
2009-05-09 16:50:03 . 2009-05-09 16:54:48 70681997 ----a-w C:\ProgramData\Creative\Software Update\cache\Creative Console Launcher 2.60.29__\CSL_PCAPP_LB_2_60_29.exe
2009-05-09 16:47:53 . 2009-05-09 16:50:01 30892544 ----a-w C:\ProgramData\Creative\Software Update\cache\Creative 3D MIDI Player 1.11.00__\3DMP_PCAPP_LB_1_11_00.exe
2009-05-09 16:46:05 . 2009-05-09 16:47:51 22973672 ----a-w C:\ProgramData\Creative\Software Update\cache\Creative Diagnostics 5.11.00__\DNT_PCAPP_LB_5_11_00.exe
2009-05-09 16:42:25 . 2009-05-09 16:45:58 56988896 ----a-w C:\ProgramData\Creative\Software Update\cache\Creative Media Toolbox Trial 6.02.09__\MTB6_PCAPP_LB_6_02_09.exe
2009-05-09 16:41:41 . 2009-05-09 16:42:24 12846328 ----a-w C:\ProgramData\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-05-06 11:14:48 . 2009-05-06 11:14:48 32200 ----a-w C:\Windows\system32\drivers\HookCentre.sys
2009-04-30 16:36:12 . 2009-05-24 07:23:32 0 d-----w C:\ProgramData\DVD Shrink
2009-04-30 16:34:48 . 2009-04-30 16:34:48 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\HandBrake
2009-04-30 15:19:40 . 2009-04-30 15:19:40 40960 ----a-w C:\Users\Pawel Wendt\AppData\Roaming\vcshost.exe
2009-04-30 15:19:35 . 2009-04-30 15:19:37 24576 ----a-w C:\Users\Pawel Wendt\AppData\Local\cp_setup_assist.exe
2009-04-30 15:19:35 . 2009-04-30 15:19:35 32768 ----a-w C:\Users\Pawel Wendt\AppData\Roaming\soup.exe
2009-04-30 15:19:29 . 2009-04-30 15:19:29 178 ---ha-w C:\Users\Pawel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
2009-04-27 08:00:07 . 2009-04-27 08:00:07 56 ---ha-w C:\Windows\system32\ezsidmv.dat
2009-04-27 08:00:06 . 2009-05-21 07:17:37 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\skypePM
2009-04-27 07:59:03 . 2009-05-21 07:31:08 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\Skype
2009-04-27 07:58:43 . 2009-04-27 07:58:43 0 d-----w C:\Program Files\Common Files\Skype
2009-04-27 07:58:43 . 2009-04-27 07:58:43 0 d-----r C:\Program Files\Skype
2009-04-27 07:58:39 . 2009-04-27 07:58:43 0 d-----w C:\ProgramData\Skype

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 13:55:48 . 2009-03-30 09:17:51 0 d-----w C:\ProgramData\Babylon
2009-05-25 13:54:28 . 2008-11-19 14:27:32 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2009-05-25 13:30:44 . 2006-11-02 15:33:31 618204 ----a-w C:\Windows\system32\perfh007.dat
2009-05-25 13:30:44 . 2006-11-02 15:33:31 122442 ----a-w C:\Windows\system32\perfc007.dat
2009-05-25 12:02:11 . 2008-11-19 23:34:43 0 d-----w C:\Program Files\StarMoney 6.0 S-Edition
2009-05-23 08:38:41 . 2008-11-19 23:29:20 0 d-----w C:\ProgramData\Spybot - Search & Destroy
2009-05-22 22:26:05 . 2008-12-03 11:56:28 0 d-----w C:\Program Files\Common Files\Steam
2009-05-22 12:54:32 . 2009-03-12 22:41:36 0 d-----w C:\ProgramData\Roxio
2009-05-19 20:05:37 . 2008-12-11 23:08:15 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\teamspeak2
2009-05-19 10:32:49 . 2008-11-19 14:57:55 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\Azureus
2009-05-18 23:54:25 . 2008-11-19 14:20:02 0 d--h--w C:\Program Files\InstallShield Installation Information
2009-05-14 18:36:02 . 2008-11-26 21:15:37 0 d-----w C:\ProgramData\CyberLink
2009-05-14 17:43:38 . 2008-11-26 21:33:30 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\CyberLink
2009-05-14 15:39:37 . 2009-04-02 19:33:26 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\Creative
2009-05-13 10:53:21 . 2008-11-19 22:40:34 0 d-----w C:\ProgramData\Microsoft Help
2009-05-13 10:52:36 . 2006-11-02 11:18:33 0 d-----w C:\Program Files\Windows Mail
2009-05-09 18:38:05 . 2009-04-02 19:27:51 0 d-----w C:\ProgramData\Creative
2009-05-09 18:05:08 . 2009-04-02 19:25:45 0 d--h--w C:\Program Files\Creative Installation Information
2009-05-09 18:02:44 . 2009-04-02 19:19:05 0 d-----w C:\Program Files\Creative
2009-05-07 06:35:01 . 2008-11-20 01:05:36 29128 ----a-w C:\Windows\system32\drivers\GRD.sys
2009-05-06 11:16:54 . 2008-11-19 15:40:49 0 d-----w C:\ProgramData\G DATA
2009-05-06 11:14:32 . 2008-11-19 15:40:42 40392 ----a-w C:\Windows\system32\drivers\gdwfpcd32.sys
2009-05-06 11:14:21 . 2008-11-19 15:40:23 0 d-----w C:\Program Files\Common Files\G DATA
2009-05-06 11:14:13 . 2008-11-19 15:40:23 0 d-----w C:\Program Files\G DATA
2009-04-29 09:05:40 . 2008-11-19 13:39:59 144528 ----a-w C:\Users\Pawel Wendt\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 08:57:05 . 2008-11-19 22:43:07 0 d-----w C:\Program Files\Microsoft Works
2009-04-24 17:10:47 . 2009-03-30 09:17:51 0 d-----w C:\Users\Pawel Wendt\AppData\Roaming\Babylon
2009-04-24 16:47:08 . 2009-04-24 16:46:51 0 d-----w C:\Program Files\Teamspeak2_RC2
2009-04-23 09:21:53 . 2008-11-19 14:57:40 0 d-----w C:\Program Files\Vuze
2009-04-17 21:54:56 . 2009-04-17 21:54:51 0 d-----w C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 21:54:56 . 2009-04-17 21:54:51 0 d-----w C:\Program Files\iTunes
2009-04-17 21:54:52 . 2009-04-17 21:54:52 0 d-----w C:\Program Files\iPod
2009-04-17 21:54:51 . 2008-11-19 23:25:46 0 d-----w C:\Program Files\Common Files\Apple
2009-04-17 21:51:53 . 2009-04-17 21:51:53 75048 ----a-w C:\ProgramData\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 13:09:57 . 2008-11-19 14:57:02 0 d-----w C:\Program Files\Java
2009-04-03 13:19:19 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Sidebar
2009-04-03 13:07:43 . 2008-11-19 15:40:58 50632 ----a-w C:\Windows\system32\drivers\MiniIcpt.sys
2009-04-02 21:57:19 . 2009-04-02 21:57:19 0 d-----w C:\Program Files\MozBackup
2009-04-02 20:11:15 . 2009-04-02 19:24:25 413696 ----a-w C:\Windows\system32\wrap_oal.dll
2009-04-02 20:11:15 . 2009-04-02 19:24:25 110592 ----a-w C:\Windows\system32\OpenAL32.dll
2009-04-02 19:30:07 . 2009-04-02 19:20:26 0 d-----w C:\Program Files\Common Files\Creative Labs Shared
2009-04-02 19:25:47 . 2009-04-02 19:25:47 0 d-----w C:\Program Files\Common Files\Creative
2009-04-02 19:24:25 . 2009-04-02 19:24:25 0 d-----w C:\Program Files\OpenAL
2009-04-02 19:20:49 . 2009-04-02 19:20:49 0 d-----w C:\ProgramData\Creative Labs
2009-04-01 19:22:59 . 2009-04-01 19:22:54 0 d-----w C:\Program Files\iLinc
2009-03-26 09:24:30 . 2008-12-18 16:49:31 604416 ----a-w C:\Windows\system32\TUProgSt.exe
2009-03-26 09:24:25 . 2009-03-26 09:24:25 360704 ----a-w C:\Windows\system32\TuneUpDefragService.exe
2009-03-20 14:01:14 . 2009-03-26 09:24:29 17152 ----a-w C:\Windows\system32\authuitu.dll
2009-03-20 14:01:04 . 2009-03-26 09:24:29 28416 ----a-w C:\Windows\system32\uxtuneup.dll
2009-03-19 14:32:48 . 2009-04-17 21:54:56 23400 ----a-w C:\Windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 14:32:48 . 2009-03-19 14:32:48 23400 ----a-w C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38:46 . 2009-04-17 21:02:44 13824 ----a-w C:\Windows\system32\apilogen.dll
2009-03-17 03:38:44 . 2009-04-17 21:02:44 24064 ----a-w C:\Windows\system32\amxread.dll
2009-03-16 21:33:54 . 2009-03-16 21:33:54 4361216 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2009-03-16 20:28:00 . 2009-03-16 20:28:00 442368 ----a-w C:\Windows\system32\ATIDEMGX.dll
2009-03-16 20:27:34 . 2009-03-16 20:27:34 290816 ----a-w C:\Windows\system32\atieclxx.exe
2009-03-16 20:27:06 . 2009-03-16 20:27:06 180224 ----a-w C:\Windows\system32\atiesrxx.exe
2009-03-16 20:26:02 . 2008-10-29 02:20:31 159744 ----a-w C:\Windows\system32\atitmmxx.dll
2009-03-16 20:25:44 . 2008-10-29 02:20:18 348160 ----a-w C:\Windows\system32\atipdlxx.dll
2009-03-16 20:25:30 . 2009-03-16 20:25:30 274432 ----a-w C:\Windows\system32\Oemdspif.dll
2009-03-16 20:25:22 . 2009-03-16 20:25:22 11776 ----a-w C:\Windows\system32\atimuixx.dll
2009-03-16 20:25:14 . 2009-03-16 20:25:14 43520 ----a-w C:\Windows\system32\ati2edxx.dll
2009-03-16 20:21:58 . 2009-03-16 20:21:58 2381312 ----a-w C:\Windows\system32\atidxx32.dll
2009-03-16 20:11:16 . 2008-10-29 02:03:13 3837440 ----a-w C:\Windows\system32\atiumdag.dll
2009-03-16 19:57:52 . 2009-03-16 19:57:52 11520000 ----a-w C:\Windows\system32\atioglxx.dll
2009-03-16 19:53:54 . 2008-10-29 01:41:46 4950528 ----a-w C:\Windows\system32\atiumdva.dll
2009-03-16 19:41:56 . 2009-03-16 19:41:56 51712 ----a-w C:\Windows\system32\amdpcom32.dll
2009-03-16 19:41:54 . 2009-03-16 19:41:54 51712 ----a-w C:\Windows\system32\atimpc32.dll
2009-03-16 19:41:22 . 2009-03-16 19:41:22 151552 ----a-w C:\Windows\system32\atiadlxx.dll
2009-03-16 19:36:18 . 2009-03-16 19:36:18 53248 ----a-w C:\Windows\system32\aticalrt.dll
2009-03-16 19:36:06 . 2009-03-16 19:36:06 53248 ----a-w C:\Windows\system32\aticalcl.dll
2009-03-16 19:35:00 . 2009-03-16 19:35:00 3272704 ----a-w C:\Windows\system32\aticaldd.dll
2009-03-16 19:27:40 . 2009-03-16 19:27:40 53248 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2009-03-09 03:19:08 . 2008-11-19 14:57:14 410984 ----a-w C:\Windows\system32\deploytk.dll
2009-03-08 11:34:57 . 2009-04-29 08:52:40 914944 ----a-w C:\Windows\system32\wininet.dll
2009-03-08 11:34:28 . 2009-04-29 08:52:42 43008 ----a-w C:\Windows\system32\licmgr10.dll
2009-03-08 11:33:38 . 2009-04-29 08:52:43 18944 ----a-w C:\Windows\system32\corpol.dll
2009-03-08 11:33:17 . 2009-04-29 08:52:40 109056 ----a-w C:\Windows\system32\iesysprep.dll
2009-03-08 11:33:16 . 2009-04-29 08:52:40 109568 ----a-w C:\Windows\system32\PDMSetup.exe
2009-03-08 11:33:15 . 2009-04-29 08:52:40 132608 ----a-w C:\Windows\system32\ieUnatt.exe
2009-03-08 11:33:15 . 2009-04-29 08:52:40 107520 ----a-w C:\Windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33:15 . 2009-04-29 08:52:40 107008 ----a-w C:\Windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33:15 . 2009-04-29 08:52:40 103936 ----a-w C:\Windows\system32\SetDepNx.exe
2009-03-08 11:33:04 . 2009-04-29 08:52:41 420352 ----a-w C:\Windows\system32\vbscript.dll
2009-03-08 11:32:54 . 2009-04-29 08:52:43 72704 ----a-w C:\Windows\system32\admparse.dll
2009-03-08 11:32:49 . 2009-04-29 08:52:42 71680 ----a-w C:\Windows\system32\iesetup.dll
2009-03-08 11:32:38 . 2009-04-29 08:52:42 66560 ----a-w C:\Windows\system32\wextract.exe
2009-03-08 11:32:32 . 2009-04-29 08:52:40 169472 ----a-w C:\Windows\system32\iexpress.exe
2009-03-08 11:31:37 . 2009-04-29 08:52:43 34816 ----a-w C:\Windows\system32\imgutil.dll
2009-03-08 11:31:17 . 2009-04-29 08:52:43 48128 ----a-w C:\Windows\system32\mshtmler.dll
2009-03-08 11:31:00 . 2009-04-29 08:52:40 45568 ----a-w C:\Windows\system32\mshta.exe
2009-03-08 11:22:37 . 2009-04-29 08:52:43 156160 ----a-w C:\Windows\system32\msls31.dll
2009-03-05 22:59:00 . 2009-03-05 22:59:00 36864 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2009-03-05 22:59:00 . 2009-03-05 22:59:00 1900544 ----a-w C:\Windows\system32\usbaaplrc.dll
2009-03-03 19:56:00 . 2009-03-03 19:56:00 118784 ----a-w C:\Windows\system32\atibtmon.exe
2009-03-03 04:46:01 . 2009-04-17 21:03:10 3599328 ----a-w C:\Windows\system32\ntkrnlpa.exe
2009-03-03 04:46:01 . 2009-04-17 21:03:10 3547632 ----a-w C:\Windows\system32\ntoskrnl.exe
2009-03-03 04:39:36 . 2009-04-17 21:03:08 183296 ----a-w C:\Windows\system32\sdohlp.dll
2009-03-03 04:39:32 . 2009-04-17 21:03:10 551424 ----a-w C:\Windows\system32\rpcss.dll
2009-03-03 04:39:22 . 2009-04-17 21:03:08 26112 ----a-w C:\Windows\system32\printfilterpipelineprxy.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:33:30 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 10:42:42 6687264]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 16:43:22 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 16:57:24 2095640]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2009-03-31 15:35:01 3563232]
"G DATA AntiVirus Trayapplication"="C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2009-03-11 16:30:13 920136]
"VolPanel"="C:\Program Files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 14:31:44 233576]
"CTxfiHlp"="CTXFIHLP.EXE" - C:\Windows\System32\Ctxfihlp.exe [2009-02-19 14:57:58 24576]

C:\Users\Pawel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
santa.bat [2009-4-30 178]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-5-14 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 08:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05:34 356352 ----a-w C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"LLPush"=C:\Program Files\iLinc\Client77\bin\LLPush.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"UpdReg"=C:\Windows\UpdReg.EXE
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9FA66A57-A66A-49FE-8615-3AB708E96BC4}"= UDP:C:\Program Files\Java\jre6\bin\javaw.exe:javaw
"{D67A2F44-5AED-4FA6-A41D-782151FA031B}"= TCP:C:\Program Files\Java\jre6\bin\javaw.exe:javaw
"TCP Query User{D7DF9E16-514A-4117-AE98-8A1D7C4B0E34}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{C0975964-7C08-44F9-8544-B2F218540D9F}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"{45B063AC-C308-43DB-93C8-01DB28845DF5}"= UDP:42949:Vuze
"{465998AC-F2A6-4229-8EF9-8BDE84BBC2D8}"= TCP:42949:Vuz2
"TCP Query User{EA96257B-0339-41BF-ADA1-4C594D14FE27}E:\\meine empfangenen dateien\\ws_ftp\\ws_ftp\\ws_ftp95.exe"= UDP:E:\meine empfangenen dateien\ws_ftp\ws_ftp\ws_ftp95.exe:WS_FTP 95
"UDP Query User{CE3F8675-9DE7-414B-9934-80F28EEC5464}E:\\meine empfangenen dateien\\ws_ftp\\ws_ftp\\ws_ftp95.exe"= TCP:E:\meine empfangenen dateien\ws_ftp\ws_ftp\ws_ftp95.exe:WS_FTP 95
"{B8F1389E-EB22-4612-A714-6320FB478C60}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{51A8AA01-BC09-45DE-9A17-8CE208DDD321}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{F326ECED-F0AC-4230-9FB1-61ABA715FA33}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{783483B0-355A-492B-AE6F-6A0AA0C2B436}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{09B651A9-6342-44DB-A5D4-3E582C861AAD}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{2F12A67C-C94E-4B88-B5F7-D031F07C9315}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{70F7EC0C-D635-4128-B22C-D1AF9DF74049}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{F6518062-B55B-4CA4-AB80-21906252F949}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{709FAC36-D2FD-4C47-A96E-13AC3ED3E176}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B7592DA6-4E0F-4127-A578-EE36E2432832}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{69EDAB52-83CE-4CE9-BCE6-C1DBF977A684}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{C55C6C34-E344-41EA-AF95-3EFF1B4FCEFD}C:\\games\\steam\\steamapps\\coldpain_com\\day of defeat source\\hl2.exe"= UDP:C:\games\steam\steamapps\coldpain_com\day of defeat source\hl2.exe:hl2
"UDP Query User{35E6AF55-192F-44A6-A332-067B4D0CB3D9}C:\\games\\steam\\steamapps\\coldpain_com\\day of defeat source\\hl2.exe"= TCP:C:\games\steam\steamapps\coldpain_com\day of defeat source\hl2.exe:hl2
"{497EFFFE-C710-4504-9189-DBCF6466A47D}"= UDP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-deDE-downloader.exe:Blizzard Downloader
"{FF194993-07C1-4FC5-A99D-48BD40E0281E}"= TCP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-deDE-downloader.exe:Blizzard Downloader
"{15B8B200-765B-403C-8A22-943E4C8C0F95}"= UDP:3724:Blizzard Downloader: 3724
"{4A57AE41-EA8D-457E-AC08-8C02B0010F98}"= UDP:C:\Program Files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Anno4.exe:Anno 1404 Closed Beta
"{2828B22F-0C52-428F-B700-A53C8A779F2B}"= TCP:C:\Program Files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Anno4.exe:Anno 1404 Closed Beta
"{93DEAD58-4E0E-4B6E-9D51-4E6E65C438DE}"= UDP:C:\Program Files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Reporter.exe:Anno 1404 Closed Beta Reporter
"{3629A5A9-FFF3-413C-816B-1FE18B70C94F}"= TCP:C:\Program Files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Reporter.exe:Anno 1404 Closed Beta Reporter
"{96CC7A26-40B2-497A-8DE8-145791C86278}"= UDP:C:\Program Files\Ubisoft\Related Designs\Anno 1404 Closed Beta\TagesClient.exe:Anno 1404 Tages Client
"{FD90FFE8-1B0F-40CE-A27C-4FB11BED3950}"= TCP:C:\Program Files\Ubisoft\Related Designs\Anno 1404 Closed Beta\TagesClient.exe:Anno 1404 Tages Client
"TCP Query User{DC34E972-0CD0-4700-A0A5-CD3BC835B3BF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F1AEE06E-69A2-47B2-82D2-57E9645AA2B4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B006C9C9-F31E-4E0E-B775-C7AFC78674AD}C:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= UDP:C:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"UDP Query User{C0B3AD76-F483-46F6-A14D-FBAA72089821}C:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= TCP:C:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"TCP Query User{E08BDC54-1EBB-459F-A37B-F08E81FA7DA0}C:\\games\\steam\\steamapps\\coldpain_com\\opposing force\\hl.exe"= UDP:C:\games\steam\steamapps\coldpain_com\opposing force\hl.exe:Half-Life Launcher
"UDP Query User{5F472325-EC71-4561-B889-80CC989B2FEA}C:\\games\\steam\\steamapps\\coldpain_com\\opposing force\\hl.exe"= TCP:C:\games\steam\steamapps\coldpain_com\opposing force\hl.exe:Half-Life Launcher
"{AEB2B52C-3E8D-424F-B1E7-EB4680E1BF01}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C734AD0B-F5E4-4081-A005-0B37B17DF143}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{72D26C44-E4B9-4D37-A8CE-CC14D5996FF8}C:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{4C8C08BD-6FDE-4D29-BAF1-F4C0CF43F71B}C:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"{AD678005-1058-413D-B943-628EC2351711}"= UDP:5353:Adobe CSI CS4
"{3396BD38-226D-4799-9C09-0BF0821AFB62}"= UDP:C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D93AC4B0-D831-439B-9696-63024097000D}"= TCP:C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{18CB6A02-B6A3-4F05-A03A-54E451137881}"= Disabled:UDP:C:\Program Files\TuneUp Utilities 2009\Integrator.exe:TuneUp Utilities 2009
"{02ACE406-BE6C-4840-AA88-4A87036219FE}"= Disabled:TCP:C:\Program Files\TuneUp Utilities 2009\Integrator.exe:TuneUp Utilities 2009
"{A5699D27-8A4F-41FC-B94D-BF631BD6E845}"= UDP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{C8919076-5273-40BF-8C0C-9C52B3E23C63}"= TCP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{37CBB8DD-301A-482E-AEB3-FE99071A4DFD}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2D066C0B-1886-4A26-9169-FA3377DDFA31}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A33E0571-47F2-48B0-A80B-1956F62B4B5F}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{1CB12BE4-15A6-4BEB-925F-0C414442DA19}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{839C12DF-C720-43D3-AA3A-130E4A802460}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{A906D5EC-D0A5-4C6A-BDAB-B3B1787F13D8}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{A3D31F9A-6C56-448D-B9D7-17C2B59B8C67}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7AC2B63A-0D32-42A1-9098-3A7DE539E9F3}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5C37E0DC-7001-4B02-96B1-72C76E0E5E8D}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{82B53430-35B1-464D-B6DE-CB67B058F266}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{FE22003D-32DA-4AF2-AE58-C09CFD0628C0}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"{ECADC26E-9281-4861-BE99-1626CAA0FB7D}"= UDP:C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe:Adobe Bridge CS4
"{D5711932-DD1D-4EE5-B87C-07E5608E47A0}"= TCP:C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe:Adobe Bridge CS4
"{EF022531-98A0-47D7-87E8-0878496C6270}"= UDP:C:\Games\World of Warcraft\Wow.exe:World of Warcraft
"{8BD8F904-D7B8-40E6-AAF7-185910146329}"= TCP:C:\Games\World of Warcraft\Wow.exe:World of Warcraft
"TCP Query User{3A9C70BB-AADB-4CFD-8896-A8578D5D9A31}C:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= UDP:C:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"UDP Query User{4BA76B47-D443-4258-B0AA-E39A89EC5D6D}C:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= TCP:C:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"{5CACC4B7-3044-49C3-A208-00A82449665A}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{48572393-228F-4CFE-A4B0-962F495C0CD4}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8A817F09-9C94-479A-A423-7AD50E246354}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{CD070C4C-B0A7-4EF5-9363-E76D3288EFF6}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{407663BB-497D-4EF0-8F69-A58CDD5F90B6}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{F38E449A-E469-4FAE-8E68-A42ADFE1CC1A}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{61FEE3D5-A489-4F71-B8A8-6AF7828ED92F}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3A5A9888-84D6-4C62-BA6E-573C9D8B08C6}C:\\games\\steam\\steamapps\\coldpain_com\\counter-strike source\\hl2.exe"= UDP:C:\games\steam\steamapps\coldpain_com\counter-strike source\hl2.exe:hl2
"UDP Query User{6A5A890C-108E-49C6-B3B9-A130B96A7DC1}C:\\games\\steam\\steamapps\\coldpain_com\\counter-strike source\\hl2.exe"= TCP:C:\games\steam\steamapps\coldpain_com\counter-strike source\hl2.exe:hl2

R1 gdwfpcd;G DATA WFP CD;C:\Windows\System32\drivers\gdwfpcd32.sys [19.11.2008 17:40:42 40392]
R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys [20.11.2008 03:05:36 29128]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [16.03.2009 22:27:06 180224]
R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [02.03.2009 13:09:30 1117768]
R2 AVKService;G Data Scheduler;C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe [02.03.2009 13:09:30 388168]
R2 AVKWCtl;G Data Dateisystem Wächter;C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe [25.02.2009 02:32:46 1206096]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;C:\Windows\System32\TUProgSt.exe [18.12.2008 18:49:31 604416]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [19.02.2009 18:42:26 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [19.02.2009 18:43:50 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [19.02.2009 18:43:10 73752]
R3 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [19.11.2008 17:40:58 50632]
R3 GDScan;G Data Scanner;C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [25.02.2009 02:47:46 298568]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [19.02.2009 18:54:48 1222680]
R3 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [06.05.2009 13:14:48 32200]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [09.05.2009 19:59:45 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [02.04.2009 21:20:26 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [02.04.2009 21:30:01 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [19.02.2009 18:42:26 198168]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [19.02.2009 18:43:50 1353240]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [19.02.2009 18:43:10 73752]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [09.01.2009 14:10:02 55264]
S3 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [08.12.2008 18:01:58 533344]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [19.11.2008 17:13:19 33752]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the "Scheduled Tasks" folder

2009-05-25 C:\Windows\Tasks\1-Klick-Wartung.job
- C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2009-03-20 14:17:38 . 2009-03-20 14:17:38]
.
- - - - Orphaned registry entries removed - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - C:\Users\Pawel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\n06rtz2k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\NPiL77.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Policies ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
 
Please check C:\Users\Pawel Wendt\AppData\Roaming\vcshost.exe at www.virustotal.com and post the link to the result...

Addendum: the ComboFix log was not complete. A few lines are missing at the end...
 
I checked the ComboFix log again. It really does end there for me. Here is the other log:

File vcshost.exe received 2009.05.25 14:19:43 (UTC)
Result: 0/40 (0%)

Antivirus Version Last update Result
a-squared 4.0.0.101 2009.05.25 -
AhnLab-V3 5.0.0.2 2009.05.25 -
AntiVir 7.9.0.168 2009.05.25 -
Antiy-AVL 2.0.3.1 2009.05.25 -
Authentium 5.1.2.4 2009.05.25 -
Avast 4.8.1335.0 2009.05.24 -
AVG 8.5.0.339 2009.05.25 -
BitDefender 7.2 2009.05.25 -
CAT-QuickHeal 10.00 2009.05.25 -
ClamAV 0.94.1 2009.05.25 -
Comodo 1199 2009.05.25 -
DrWeb 5.0.0.12182 2009.05.25 -
eSafe 7.0.17.0 2009.05.24 -
eTrust-Vet 31.6.6519 2009.05.23 -
F-Prot 4.4.4.56 2009.05.25 -
F-Secure 8.0.14470.0 2009.05.25 -
Fortinet 3.117.0.0 2009.05.25 -
GData 19 2009.05.25 -
Ikarus T3.1.1.49.0 2009.05.25 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.25 -
McAfee 5625 2009.05.24 -
McAfee+Artemis 5625 2009.05.24 -
McAfee-GW-Edition 6.7.6 2009.05.25 -
Microsoft 1.4701 2009.05.25 -
NOD32 4101 2009.05.25 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.25 -
Panda 10.0.0.14 2009.05.24 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.25 -
Rising 21.31.04.00 2009.05.25 -
Sophos 4.42.0 2009.05.25 -
Sunbelt 3.2.1858.2 2009.05.24 -
Symantec 1.4.4.12 2009.05.25 -
TheHacker 6.3.4.3.331 2009.05.25 -
TrendMicro 8.950.0.1092 2009.05.25 -
VBA32 3.12.10.5 2009.05.25 -
ViRobot 2009.5.25.1751 2009.05.25 -
VirusBuster 4.6.5.0 2009.05.24 -
Additional information
File size: 40960 bytes
MD5...: 59f6944aa4cf3307914d2d120c232c28
SHA1..: ed8fab3aaf07ab0cd6a086f915f8a32bc2d9ca79
SHA256: 96e34e246fbfa03ad14d8f2d97645e30e8ffe110acf09563be2dc049cc2d9935
ssdeep: 768:KmylHd8B8fKNyVqUBRFtjeDEGLhOEYLhFxE9LhopyGhHZb:k8OEUBGLh7YLhw9LhA3b
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x15ec
timedatestamp.....: 0x49f70a95 (Tue Apr 28 13:54:29 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6d10 0x7000 5.59 6d7eae9c9646e65d73386a218e37f256
.data 0x8000 0x1324 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xa000 0x898 0x1000 1.85 9d0782da0fd1fc18c976455fcce8f439

( 1 imports )
> MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaLateIdCall, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, -, -, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, _CIsin, -, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaI2I4, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaVarMul, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, -, -, __vbaFPException, __vbaStrVarVal, __vbaVarCat, __vbaI2Var, -, _CIlog, __vbaErrorOverflow, __vbaVarInt, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaLateMemCall, __vbaVarCopy, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaStrVarCopy, _allmul, __vbaLateIdSt, _CItan, __vbaFPInt, _CIexp, __vbaFreeObj, __vbaFreeStr

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
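The PEInfo block above gives, per section, an entropy value ("ntrpy") and an MD5, plus a compile timestamp and the MD5/SHA1/SHA256 of the whole file. The following is an added example for reading those numbers; it is not part of this thread and not VirusTotal's code. It works on a constructed copy of the three section rows and the timedatestamp quoted above (the file itself is not on the page), computes Shannon entropy the way the "ntrpy" column does, checks whether a section's posted MD5 is simply the MD5 of that many zero bytes (which is what entropy 0.00 suggests), decodes the PE timestamp, and produces the same hash triple for a local copy of a file. The packing threshold of 7.0 bits per byte is an assumed rule of thumb.

```python
import hashlib
import math
import re
from datetime import datetime, timezone

# Constructed excerpt of the VirusTotal PEInfo section quoted above: the three
# section rows and the timedatestamp. The binary itself is not on the page.
VT_SECTION_TABLE = """\
.text 0x1000 0x6d10 0x7000 5.59 6d7eae9c9646e65d73386a218e37f256
.data 0x8000 0x1324 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xa000 0x898 0x1000 1.85 9d0782da0fd1fc18c976455fcce8f439
"""
VT_TIMEDATESTAMP = 0x49F70A95

# "name viradd virsiz rawdsiz ntrpy md5"
SECTION_ROW = re.compile(
    r"^(\S+) (0x[0-9a-f]+) (0x[0-9a-f]+) (0x[0-9a-f]+) (\d+\.\d+) ([0-9a-f]{32})$", re.I)


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant block, 8.0 for uniformly random bytes.
    This is the quantity the 'ntrpy' column reports for each raw section."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(table):
    """Turn the section rows into dicts with integer sizes."""
    rows = []
    for line in table.splitlines():
        m = SECTION_ROW.match(line.strip())
        if m:
            name, va, vsize, rsize, ntrpy, md5 = m.groups()
            rows.append({"name": name, "virtual_address": int(va, 16),
                         "virtual_size": int(vsize, 16), "raw_size": int(rsize, 16),
                         "entropy": float(ntrpy), "md5": md5.lower()})
    return rows


def section_is_zero_filled(row):
    """Entropy 0.00 means every byte is the same; a raw section of 0x00 bytes
    hashes to the MD5 of that many zero bytes, so compare against it."""
    return row["md5"] == hashlib.md5(bytes(row["raw_size"])).hexdigest()


def packed_sections(rows, threshold=7.0):
    """Names of sections whose entropy suggests packing or encryption
    (assumed threshold: 7.0 bits per byte)."""
    return [r["name"] for r in rows if r["entropy"] >= threshold]


def pe_timestamp_utc(stamp):
    """The PE timedatestamp is seconds since the Unix epoch. It is trivially
    forged by a compiler flag or a hex editor, so treat it as a hint only."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def file_hashes(data):
    """The MD5/SHA1/SHA256 triple VirusTotal prints, for re-checking a local copy
    before uploading it."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    rows = parse_sections(VT_SECTION_TABLE)
    for r in rows:
        print(r["name"], r["entropy"], "zero-filled" if section_is_zero_filled(r) else "")
    print("packed:", packed_sections(rows))
    print("compiled:", pe_timestamp_utc(VT_TIMEDATESTAMP).isoformat())
```

Run as is, it reports the .data section as zero-filled on disk (its 0x1324 bytes of virtual size are populated at run time), no section above the packing threshold, and a compile time of 2009-04-28 13:54:29 UTC, two days before the file appeared in the user's AppData folder according to the ComboFix log. The MSVBVM60.DLL import list in the report means the file is a Visual Basic 6 executable; none of this says whether it is malicious, which is why the helper asks for the file itself.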
 
Please also upload vcshost.exe. The ComboFix report really is missing quite a bit. I hope it gets created completely when run as "Administrator"...
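Reading a ComboFix log by hand means looking for the same few things every time: executables freshly written to user-writable folders, anything in a Startup folder, several such files created in the same minute (one origin), UAC switched off in the policies key, and browser search or homepage settings pointing somewhere unexpected. The script below is an added example (not from this thread, and not a ComboFix feature) that pulls exactly those facts out of a constructed excerpt in the log's own format; the rows are modelled on the "Files Created", registry policy and "FF - prefs.js" lines of the log that follows, with user paths shortened. The set of trusted search hosts and the list of "user-writable" path fragments are assumptions to adjust per machine. It reports facts to look at first, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the ComboFix log posted in this thread:
# rows from the "Files Created" section, two policy values from the registry
# autostart section and two Firefox pref lines. User paths are shortened.
SAMPLE_LOG = r"""
2009-05-25 13:09 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 15:19 . 2009-04-30 15:19 40960 ----a-w c:\users\user\AppData\Roaming\vcshost.exe
2009-04-30 15:19 . 2009-04-30 15:19 24576 ----a-w c:\users\user\AppData\Local\cp_setup_assist.exe
2009-04-30 15:19 . 2009-04-30 15:19 32768 ----a-w c:\users\user\AppData\Roaming\soup.exe
2009-04-30 15:19 . 2009-04-30 15:19 178 ---ha-w c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
2009-04-27 07:58 . 2009-04-27 07:58 -------- d-----r c:\program files\Skype
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
"""

# "created . modified size attrs path" rows; directories carry -------- as size
FILE_ROW = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{7}) (.+)$")
UAC_ROW = re.compile(r'^"(EnableLUA|ConsentPromptBehaviorAdmin)"=\s*(\d+)')
FF_ROW = re.compile(
    r"^FF - prefs\.js: (browser\.search\.defaulturl|browser\.startup\.homepage"
    r"|keyword\.URL) - (\S+)")
HOST = re.compile(r"^h(?:xx|tt)ps?://([^/]+)", re.I)  # ComboFix defangs http as hxxp

EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".com", ".vbs", ".js", ".pif")
TRUSTED_SEARCH_HOSTS = {"www.google.de", "www.google.com"}  # assumption: user's intended engines


def user_writable(path_lower):
    """Locations a non-admin process can drop files into (assumed list); a
    binary here that did not come from an installer run deserves a look."""
    return any(p in path_lower for p in ("\\appdata\\", "\\users\\public\\", "\\temp\\"))


def triage(log_text):
    """Collect review-worthy facts from a ComboFix log excerpt. Nothing here
    proves an infection; it only says where to look first."""
    out = {"user_writable_executables": [], "startup_items": [],
           "same_minute_clusters": {}, "uac_disabled": [], "search_settings": []}
    by_minute = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_ROW.match(line)
        if m:
            created, _modified, _size, attrs, path = m.groups()
            if attrs.startswith("d"):
                continue  # directory entry
            lower = path.lower()
            if "\\start menu\\programs\\startup\\" in lower:
                out["startup_items"].append(path)
            if lower.endswith(EXEC_EXT) and user_writable(lower):
                out["user_writable_executables"].append(path)
                by_minute[created].append(path)
            continue
        m = UAC_ROW.match(line)
        if m and m.group(2) == "0":
            out["uac_disabled"].append(m.group(1))
            continue
        m = FF_ROW.match(line)
        if m:
            pref, url = m.groups()
            h = HOST.match(url)
            host = h.group(1).lower() if h else url
            if host not in TRUSTED_SEARCH_HOSTS:
                out["search_settings"].append((pref, host))
    # several executables written to user space in the same minute usually
    # share one origin: one installer, or one dropper
    out["same_minute_clusters"] = {t: p for t, p in by_minute.items() if len(p) >= 2}
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample it groups the four files created at 2009-04-30 15:19 into one cluster, lists santa.bat as a Startup item, reports EnableLUA and ConsentPromptBehaviorAdmin as 0 (UAC off, so nothing stands between a user-level dropper and the whole machine), and flags the Firefox default search URL host as outside the trusted set. Which of those is the cause of the redirects the user describes is a question for the helper, not for the script.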
 
Here is the log data again:

ComboFix 09-05-24.07 - Pawel Wendt 25.05.2009 16:30.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1202 [GMT 2:00]
Running from:: c:\users\Pawel Wendt\Desktop\ComboFix.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 ))))))))))))))))))))))))))))))
.

2009-05-25 14:33 . 2009-05-25 14:35 -------- d-----w c:\users\Pawel Wendt\AppData\Local\temp
2009-05-25 14:01 . 2009-05-25 14:01 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Malwarebytes
2009-05-25 13:25 . 2009-05-25 13:26 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\GetRightToGo
2009-05-25 13:09 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-25 13:09 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 13:09 . 2009-05-25 13:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 13:09 . 2009-05-25 13:09 -------- d-----w c:\programdata\Malwarebytes
2009-05-23 08:38 . 2009-05-25 14:00 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-22 14:55 . 2009-05-22 14:57 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2009-05-22 14:14 . 2009-05-25 14:07 -------- d-----w c:\program files\7-Zip
2009-05-22 13:48 . 2009-05-22 13:48 -------- d--h--r c:\users\Pawel Wendt\AppData\Roaming\SecuROM
2009-05-22 13:48 . 2009-05-22 13:48 98304 ----a-w c:\windows\system32CmdLineExt.dll
2009-05-22 13:30 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{8867E21A-1364-40ED-A7B3-791DB6787F04}\mpengine.dll
2009-05-22 13:27 . 2009-05-22 13:27 -------- d-----w c:\program files\Alcohol Soft
2009-05-22 13:25 . 2009-05-22 13:25 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-14 17:43 . 2009-05-14 17:43 -------- d-----w c:\users\Pawel Wendt\AppData\Local\PowerDVDCox
2009-05-14 17:43 . 2009-05-14 17:43 -------- d-----w c:\users\Pawel Wendt\AppData\Local\PowerDVDCinema
2009-05-14 17:40 . 2009-05-14 17:40 -------- d-----w c:\users\Public\CyberLink
2009-05-14 17:39 . 2009-05-14 17:39 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\vlc
2009-05-14 17:33 . 2009-05-14 17:33 -------- d-----w c:\program files\Common Files\CyberLink
2009-05-14 17:29 . 2009-05-14 18:16 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-05-14 17:29 . 2009-05-18 23:39 53319 ----a-w c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-14 12:33 . 2009-05-14 12:33 -------- d-----w c:\windows\Log
2009-05-14 12:31 . 2009-05-14 12:31 -------- d-----w c:\program files\Common Files\Deterministic Networks
2009-05-14 12:31 . 2009-05-14 12:31 -------- d-----w c:\program files\Cisco Systems
2009-05-13 17:51 . 2009-05-14 12:29 -------- d-----w c:\program files\SpybotNeu
2009-05-09 18:00 . 2008-07-08 11:27 166400 ------w c:\windows\system32\CTOPT352.dll
2009-05-09 18:00 . 2008-07-08 09:50 61440 ------w c:\windows\system32\CTChkAud.dll
2009-05-09 17:05 . 2008-02-12 09:34 16618970 ------w c:\programdata\Creative\Media Toolbox6\AddOnPack.exe
2009-05-09 17:00 . 2009-05-09 17:03 37406376 ----a-w c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-05-09 17:00 . 2009-05-09 17:00 6657680 ----a-w c:\programdata\Creative\Software Update\cache\Creative SoundFont Bank Manager 3.21.00__\SFBM_PCAPP_LB_3_21_00.exe
2009-05-09 16:55 . 2009-05-09 16:59 62234496 ----a-w c:\programdata\Creative\Software Update\cache\Creative Console Launcher 2.61.09__\CSL_PCAPP_LB_2_61_09.exe
2009-05-09 16:55 . 2009-05-09 16:55 6280712 ----a-w c:\programdata\Creative\Software Update\cache\DTS Connect Pack for Sound Blaster X-Fi Titanium series 1.03.00__\DTS_PCAPP_LB_1_03_00.exe
2009-05-09 16:54 . 2009-05-09 16:55 8512328 ----a-w c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.25.10__\ALMY_PCVTAPP_LB_1_25_10.exe
2009-05-09 16:50 . 2009-05-09 16:54 70681997 ----a-w c:\programdata\Creative\Software Update\cache\Creative Console Launcher 2.60.29__\CSL_PCAPP_LB_2_60_29.exe
2009-05-09 16:47 . 2009-05-09 16:50 30892544 ----a-w c:\programdata\Creative\Software Update\cache\Creative 3D MIDI Player 1.11.00__\3DMP_PCAPP_LB_1_11_00.exe
2009-05-09 16:46 . 2009-05-09 16:47 22973672 ----a-w c:\programdata\Creative\Software Update\cache\Creative Diagnostics 5.11.00__\DNT_PCAPP_LB_5_11_00.exe
2009-05-09 16:42 . 2009-05-09 16:45 56988896 ----a-w c:\programdata\Creative\Software Update\cache\Creative Media Toolbox Trial 6.02.09__\MTB6_PCAPP_LB_6_02_09.exe
2009-05-09 16:41 . 2009-05-09 16:42 12846328 ----a-w c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-05-06 11:14 . 2009-05-06 11:14 32200 ----a-w c:\windows\system32\drivers\HookCentre.sys
2009-04-30 16:36 . 2009-05-24 07:23 -------- d-----w c:\programdata\DVD Shrink
2009-04-30 16:34 . 2009-04-30 16:34 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\HandBrake
2009-04-30 15:19 . 2009-04-30 15:19 40960 ----a-w c:\users\Pawel Wendt\AppData\Roaming\vcshost.exe
2009-04-30 15:19 . 2009-04-30 15:19 24576 ----a-w c:\users\Pawel Wendt\AppData\Local\cp_setup_assist.exe
2009-04-30 15:19 . 2009-04-30 15:19 32768 ----a-w c:\users\Pawel Wendt\AppData\Roaming\soup.exe
2009-04-30 15:19 . 2009-04-30 15:19 178 ---ha-w c:\users\Pawel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
2009-04-27 08:00 . 2009-04-27 08:00 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-27 08:00 . 2009-05-21 07:17 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\skypePM
2009-04-27 07:59 . 2009-05-21 07:31 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Skype
2009-04-27 07:58 . 2009-04-27 07:58 -------- d-----w c:\program files\Common Files\Skype
2009-04-27 07:58 . 2009-04-27 07:58 -------- d-----r c:\program files\Skype
2009-04-27 07:58 . 2009-04-27 07:58 -------- d-----w c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 14:35 . 2009-03-30 09:17 -------- d-----w c:\programdata\Babylon
2009-05-25 14:34 . 2008-11-19 14:27 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-05-25 14:04 . 2006-11-02 15:33 618204 ----a-w c:\windows\system32\perfh007.dat
2009-05-25 14:04 . 2006-11-02 15:33 122442 ----a-w c:\windows\system32\perfc007.dat
2009-05-25 14:00 . 2008-11-19 23:29 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-25 12:02 . 2008-11-19 23:34 -------- d-----w c:\program files\StarMoney 6.0 S-Edition
2009-05-22 22:26 . 2008-12-03 11:56 -------- d-----w c:\program files\Common Files\Steam
2009-05-22 12:54 . 2009-03-12 22:41 -------- d-----w c:\programdata\Roxio
2009-05-19 20:05 . 2008-12-11 23:08 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\teamspeak2
2009-05-19 10:32 . 2008-11-19 14:57 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Azureus
2009-05-18 23:54 . 2008-11-19 14:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 18:36 . 2008-11-26 21:15 -------- d-----w c:\programdata\CyberLink
2009-05-14 17:43 . 2008-11-26 21:33 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\CyberLink
2009-05-14 15:39 . 2009-04-02 19:33 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Creative
2009-05-13 10:53 . 2008-11-19 22:40 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 10:52 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-09 18:38 . 2009-04-02 19:27 -------- d-----w c:\programdata\Creative
2009-05-09 18:05 . 2009-04-02 19:25 -------- d--h--w c:\program files\Creative Installation Information
2009-05-09 18:02 . 2009-04-02 19:19 -------- d-----w c:\program files\Creative
2009-05-07 06:35 . 2008-11-20 01:05 29128 ----a-w c:\windows\system32\drivers\GRD.sys
2009-05-06 11:16 . 2008-11-19 15:40 -------- d-----w c:\programdata\G DATA
2009-05-06 11:14 . 2008-11-19 15:40 40392 ----a-w c:\windows\system32\drivers\gdwfpcd32.sys
2009-05-06 11:14 . 2008-11-19 15:40 -------- d-----w c:\program files\Common Files\G DATA
2009-05-06 11:14 . 2008-11-19 15:40 -------- d-----w c:\program files\G DATA
2009-04-29 09:05 . 2008-11-19 13:39 144528 ----a-w c:\users\Pawel Wendt\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 08:57 . 2008-11-19 22:43 -------- d-----w c:\program files\Microsoft Works
2009-04-24 17:10 . 2009-03-30 09:17 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Babylon
2009-04-24 16:47 . 2009-04-24 16:46 -------- d-----w c:\program files\Teamspeak2_RC2
2009-04-23 09:21 . 2008-11-19 14:57 -------- d-----w c:\program files\Vuze
2009-04-17 21:54 . 2009-04-17 21:54 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 21:54 . 2009-04-17 21:54 -------- d-----w c:\program files\iTunes
2009-04-17 21:54 . 2009-04-17 21:54 -------- d-----w c:\program files\iPod
2009-04-17 21:54 . 2008-11-19 23:25 -------- d-----w c:\program files\Common Files\Apple
2009-04-17 21:51 . 2009-04-17 21:51 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 13:09 . 2008-11-19 14:57 -------- d-----w c:\program files\Java
2009-04-03 13:19 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-03 13:07 . 2008-11-19 15:40 50632 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2009-04-02 21:57 . 2009-04-02 21:57 -------- d-----w c:\program files\MozBackup
2009-04-02 20:11 . 2009-04-02 19:24 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-02 20:11 . 2009-04-02 19:24 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-02 19:30 . 2009-04-02 19:20 -------- d-----w c:\program files\Common Files\Creative Labs Shared
2009-04-02 19:25 . 2009-04-02 19:25 -------- d-----w c:\program files\Common Files\Creative
2009-04-02 19:24 . 2009-04-02 19:24 -------- d-----w c:\program files\OpenAL
2009-04-02 19:20 . 2009-04-02 19:20 -------- d-----w c:\programdata\Creative Labs
2009-04-01 19:22 . 2009-04-01 19:22 -------- d-----w c:\program files\iLinc
2009-03-26 09:24 . 2008-12-18 16:49 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-03-26 09:24 . 2009-03-26 09:24 360704 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-03-20 14:01 . 2009-03-26 09:24 17152 ----a-w c:\windows\system32\authuitu.dll
2009-03-20 14:01 . 2009-03-26 09:24 28416 ----a-w c:\windows\system32\uxtuneup.dll
2009-03-19 14:32 . 2009-04-17 21:54 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-17 21:02 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 21:02 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-16 21:33 . 2009-03-16 21:33 4361216 ----a-w c:\windows\system32\drivers\atikmdag.sys
2009-03-16 20:28 . 2009-03-16 20:28 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-03-16 20:27 . 2009-03-16 20:27 290816 ----a-w c:\windows\system32\atieclxx.exe
2009-03-16 20:27 . 2009-03-16 20:27 180224 ----a-w c:\windows\system32\atiesrxx.exe
2009-03-16 20:26 . 2008-10-29 02:20 159744 ----a-w c:\windows\system32\atitmmxx.dll
2009-03-16 20:25 . 2008-10-29 02:20 348160 ----a-w c:\windows\system32\atipdlxx.dll
2009-03-16 20:25 . 2009-03-16 20:25 274432 ----a-w c:\windows\system32\Oemdspif.dll
2009-03-16 20:25 . 2009-03-16 20:25 11776 ----a-w c:\windows\system32\atimuixx.dll
2009-03-16 20:25 . 2009-03-16 20:25 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-03-16 20:21 . 2009-03-16 20:21 2381312 ----a-w c:\windows\system32\atidxx32.dll
2009-03-16 20:11 . 2008-10-29 02:03 3837440 ----a-w c:\windows\system32\atiumdag.dll
2009-03-16 19:57 . 2009-03-16 19:57 11520000 ----a-w c:\windows\system32\atioglxx.dll
2009-03-16 19:53 . 2008-10-29 01:41 4950528 ----a-w c:\windows\system32\atiumdva.dll
2009-03-16 19:41 . 2009-03-16 19:41 51712 ----a-w c:\windows\system32\amdpcom32.dll
2009-03-16 19:41 . 2009-03-16 19:41 51712 ----a-w c:\windows\system32\atimpc32.dll
2009-03-16 19:41 . 2009-03-16 19:41 151552 ----a-w c:\windows\system32\atiadlxx.dll
2009-03-16 19:36 . 2009-03-16 19:36 53248 ----a-w c:\windows\system32\aticalrt.dll
2009-03-16 19:36 . 2009-03-16 19:36 53248 ----a-w c:\windows\system32\aticalcl.dll
2009-03-16 19:35 . 2009-03-16 19:35 3272704 ----a-w c:\windows\system32\aticaldd.dll
2009-03-16 19:27 . 2009-03-16 19:27 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-03-09 03:19 . 2008-11-19 14:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-29 08:52 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-29 08:52 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-29 08:52 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-29 08:52 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-29 08:52 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-29 08:52 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-29 08:52 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-29 08:52 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-29 08:52 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-29 08:52 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-29 08:52 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-29 08:52 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-29 08:52 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-29 08:52 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-29 08:52 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-29 08:52 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-29 08:52 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-29 08:52 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-05 22:59 . 2009-03-05 22:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 22:59 . 2009-03-05 22:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-03 19:56 . 2009-03-03 19:56 118784 ----a-w c:\windows\system32\atibtmon.exe
2009-03-03 04:46 . 2009-04-17 21:03 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 21:03 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-17 21:03 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 21:03 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-17 21:03 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-03-31 3563232]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2009-03-11 920136]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2009-02-19 24576]

c:\users\Pawel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
santa.bat [2009-4-30 178]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-5-14 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"LLPush"=c:\program files\iLinc\Client77\bin\LLPush.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"UpdReg"=c:\windows\UpdReg.EXE
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9FA66A57-A66A-49FE-8615-3AB708E96BC4}"= UDP:c:\program files\Java\jre6\bin\javaw.exe:javaw
"{D67A2F44-5AED-4FA6-A41D-782151FA031B}"= TCP:c:\program files\Java\jre6\bin\javaw.exe:javaw
"TCP Query User{D7DF9E16-514A-4117-AE98-8A1D7C4B0E34}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{C0975964-7C08-44F9-8544-B2F218540D9F}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{45B063AC-C308-43DB-93C8-01DB28845DF5}"= UDP:42949:Vuze
"{465998AC-F2A6-4229-8EF9-8BDE84BBC2D8}"= TCP:42949:Vuz2
"TCP Query User{EA96257B-0339-41BF-ADA1-4C594D14FE27}e:\\meine empfangenen dateien\\ws_ftp\\ws_ftp\\ws_ftp95.exe"= UDP:e:\meine empfangenen dateien\ws_ftp\ws_ftp\ws_ftp95.exe:WS_FTP 95
"UDP Query User{CE3F8675-9DE7-414B-9934-80F28EEC5464}e:\\meine empfangenen dateien\\ws_ftp\\ws_ftp\\ws_ftp95.exe"= TCP:e:\meine empfangenen dateien\ws_ftp\ws_ftp\ws_ftp95.exe:WS_FTP 95
"{B8F1389E-EB22-4612-A714-6320FB478C60}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{51A8AA01-BC09-45DE-9A17-8CE208DDD321}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{F326ECED-F0AC-4230-9FB1-61ABA715FA33}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{783483B0-355A-492B-AE6F-6A0AA0C2B436}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{09B651A9-6342-44DB-A5D4-3E582C861AAD}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{2F12A67C-C94E-4B88-B5F7-D031F07C9315}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{70F7EC0C-D635-4128-B22C-D1AF9DF74049}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{F6518062-B55B-4CA4-AB80-21906252F949}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{709FAC36-D2FD-4C47-A96E-13AC3ED3E176}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B7592DA6-4E0F-4127-A578-EE36E2432832}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{69EDAB52-83CE-4CE9-BCE6-C1DBF977A684}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{C55C6C34-E344-41EA-AF95-3EFF1B4FCEFD}c:\\games\\steam\\steamapps\\coldpain_com\\day of defeat source\\hl2.exe"= UDP:c:\games\steam\steamapps\coldpain_com\day of defeat source\hl2.exe:hl2
"UDP Query User{35E6AF55-192F-44A6-A332-067B4D0CB3D9}c:\\games\\steam\\steamapps\\coldpain_com\\day of defeat source\\hl2.exe"= TCP:c:\games\steam\steamapps\coldpain_com\day of defeat source\hl2.exe:hl2
"{497EFFFE-C710-4504-9189-DBCF6466A47D}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-deDE-downloader.exe:Blizzard Downloader
"{FF194993-07C1-4FC5-A99D-48BD40E0281E}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-deDE-downloader.exe:Blizzard Downloader
"{15B8B200-765B-403C-8A22-943E4C8C0F95}"= UDP:3724:Blizzard Downloader: 3724
"{4A57AE41-EA8D-457E-AC08-8C02B0010F98}"= UDP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Anno4.exe:Anno 1404 Closed Beta
"{2828B22F-0C52-428F-B700-A53C8A779F2B}"= TCP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Anno4.exe:Anno 1404 Closed Beta
"{93DEAD58-4E0E-4B6E-9D51-4E6E65C438DE}"= UDP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Reporter.exe:Anno 1404 Closed Beta Reporter
"{3629A5A9-FFF3-413C-816B-1FE18B70C94F}"= TCP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Reporter.exe:Anno 1404 Closed Beta Reporter
"{96CC7A26-40B2-497A-8DE8-145791C86278}"= UDP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\TagesClient.exe:Anno 1404 Tages Client
"{FD90FFE8-1B0F-40CE-A27C-4FB11BED3950}"= TCP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\TagesClient.exe:Anno 1404 Tages Client
"TCP Query User{DC34E972-0CD0-4700-A0A5-CD3BC835B3BF}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F1AEE06E-69A2-47B2-82D2-57E9645AA2B4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B006C9C9-F31E-4E0E-B775-C7AFC78674AD}c:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= UDP:c:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"UDP Query User{C0B3AD76-F483-46F6-A14D-FBAA72089821}c:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= TCP:c:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"TCP Query User{E08BDC54-1EBB-459F-A37B-F08E81FA7DA0}c:\\games\\steam\\steamapps\\coldpain_com\\opposing force\\hl.exe"= UDP:c:\games\steam\steamapps\coldpain_com\opposing force\hl.exe:Half-Life Launcher
"UDP Query User{5F472325-EC71-4561-B889-80CC989B2FEA}c:\\games\\steam\\steamapps\\coldpain_com\\opposing force\\hl.exe"= TCP:c:\games\steam\steamapps\coldpain_com\opposing force\hl.exe:Half-Life Launcher
"{AEB2B52C-3E8D-424F-B1E7-EB4680E1BF01}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C734AD0B-F5E4-4081-A005-0B37B17DF143}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{72D26C44-E4B9-4D37-A8CE-CC14D5996FF8}c:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{4C8C08BD-6FDE-4D29-BAF1-F4C0CF43F71B}c:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"{AD678005-1058-413D-B943-628EC2351711}"= UDP:5353:Adobe CSI CS4
"{3396BD38-226D-4799-9C09-0BF0821AFB62}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D93AC4B0-D831-439B-9696-63024097000D}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{18CB6A02-B6A3-4F05-A03A-54E451137881}"= Disabled:UDP:c:\program files\TuneUp Utilities 2009\Integrator.exe:TuneUp Utilities 2009
"{02ACE406-BE6C-4840-AA88-4A87036219FE}"= Disabled:TCP:c:\program files\TuneUp Utilities 2009\Integrator.exe:TuneUp Utilities 2009
"{A5699D27-8A4F-41FC-B94D-BF631BD6E845}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{C8919076-5273-40BF-8C0C-9C52B3E23C63}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{37CBB8DD-301A-482E-AEB3-FE99071A4DFD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2D066C0B-1886-4A26-9169-FA3377DDFA31}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A33E0571-47F2-48B0-A80B-1956F62B4B5F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1CB12BE4-15A6-4BEB-925F-0C414442DA19}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{839C12DF-C720-43D3-AA3A-130E4A802460}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A906D5EC-D0A5-4C6A-BDAB-B3B1787F13D8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A3D31F9A-6C56-448D-B9D7-17C2B59B8C67}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7AC2B63A-0D32-42A1-9098-3A7DE539E9F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5C37E0DC-7001-4B02-96B1-72C76E0E5E8D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{82B53430-35B1-464D-B6DE-CB67B058F266}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{FE22003D-32DA-4AF2-AE58-C09CFD0628C0}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{ECADC26E-9281-4861-BE99-1626CAA0FB7D}"= UDP:c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe:Adobe Bridge CS4
"{D5711932-DD1D-4EE5-B87C-07E5608E47A0}"= TCP:c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe:Adobe Bridge CS4
"{EF022531-98A0-47D7-87E8-0878496C6270}"= UDP:c:\games\World of Warcraft\Wow.exe:World of Warcraft
"{8BD8F904-D7B8-40E6-AAF7-185910146329}"= TCP:c:\games\World of Warcraft\Wow.exe:World of Warcraft
"TCP Query User{3A9C70BB-AADB-4CFD-8896-A8578D5D9A31}c:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= UDP:c:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"UDP Query User{4BA76B47-D443-4258-B0AA-E39A89EC5D6D}c:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= TCP:c:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"{5CACC4B7-3044-49C3-A208-00A82449665A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{48572393-228F-4CFE-A4B0-962F495C0CD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A817F09-9C94-479A-A423-7AD50E246354}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CD070C4C-B0A7-4EF5-9363-E76D3288EFF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{407663BB-497D-4EF0-8F69-A58CDD5F90B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F38E449A-E469-4FAE-8E68-A42ADFE1CC1A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{61FEE3D5-A489-4F71-B8A8-6AF7828ED92F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3A5A9888-84D6-4C62-BA6E-573C9D8B08C6}c:\\games\\steam\\steamapps\\coldpain_com\\counter-strike source\\hl2.exe"= UDP:c:\games\steam\steamapps\coldpain_com\counter-strike source\hl2.exe:hl2
"UDP Query User{6A5A890C-108E-49C6-B3B9-A130B96A7DC1}c:\\games\\steam\\steamapps\\coldpain_com\\counter-strike source\\hl2.exe"= TCP:c:\games\steam\steamapps\coldpain_com\counter-strike source\hl2.exe:hl2

R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [19.11.2008 17:40 40392]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\System32\drivers\GRD.sys [20.11.2008 03:05 29128]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [19.02.2009 18:42 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [19.02.2009 18:43 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [19.02.2009 18:43 73752]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [19.11.2008 17:40 50632]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\System32\drivers\ha20x22k.sys [19.02.2009 18:54 1222680]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [06.05.2009 13:14 32200]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [19.02.2009 18:42 198168]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [19.02.2009 18:43 1353240]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [19.02.2009 18:43 73752]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [09.01.2009 14:10 55264]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - sptd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-05-25 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-03-20 14:17]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-procexp90.Sys


.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\users\Pawel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\n06rtz2k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPiL77.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 16:35
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2584977684-1754756360-1121880361-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,eb,d4,03,08,6f,2c,8a,49,7a,6a,37,90,d1,38,d7,f8,cb,cc,10,fa,70,db,
26,f7,0f,71,e1,8e,48,98,cf,fd,76,cf,6b,61,3c,6e,04,46,0e,71,95,49,3e,d6,7f,\
"??"=hex:6d,e4,9a,59,e8,8b,9e,9c,6e,45,cc,40,3e,e5,f9,d0

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b8,69,2b,c4,f2,
ea,eb,40,e2,63,26,f1,3f,c8,ff,68,19,8d,1d,ac,ac,ca,69,79,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,dc,8a,6e,52,89,
fd,c3,d8,6a,9c,d6,61,af,45,84,18,0d,fa,0a,b0,15,0f,e7,68,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,55,15,ea,28,8c,
73,d7,82,ff,7c,85,e0,43,d4,0e,fe,d1,9e,af,8b,b4,46,d2,03,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,30,51,0d,46,c6,
5b,27,2e,86,8c,21,01,be,91,eb,e7,f5,b3,e4,8e,85,55,cc,ec,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,5c,19,16,27,eb,
45,1c,5c,f5,1d,4d,73,a8,13,5c,05,4d,ba,69,53,f0,1c,ef,71,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,b6,45,e8,60,bf,
e9,b8,6e,df,20,58,62,78,6b,cf,c8,6b,17,c4,c0,c3,58,c1,8e,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,2b,cf,93,b9,30,
7f,50,8e,fb,a7,78,e6,12,2f,9a,ea,de,9a,80,18,84,83,ef,6c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,f8,af,a8,f6,ff,
7f,05,8e,01,3a,48,fc,e8,04,4a,f1,f6,88,1b,65,bb,da,8c,3d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f5,29,cf,70,9d,
be,48,c2,f6,0f,4e,58,98,5b,89,c9,87,68,52,de,36,fb,b3,f2,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,c8,53,d4,78,d8,
72,c8,3d,3d,ce,ea,26,2d,45,aa,78,b9,d3,c0,43,56,e2,bb,43,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,06,0d,54,5b,19,
44,35,7e,2a,b7,cc,b5,b9,7f,41,e7,34,bb,6a,78,4d,22,3f,73,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,9c,9b,85,f5,b4,
14,70,3f,6c,43,2d,1e,aa,22,2f,9c,c6,d4,4b,6b,dc,d3,f6,3d,6c,43,2d,1e,aa,22,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(8256)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\atiesrxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe
c:\program files\G DATA\AntiVirus\AVK\AVKService.exe
c:\program files\G DATA\AntiVirus\AVK\AVKWCtl.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\G DATA\GDScan\GDScan.exe
c:\windows\System32\atieclxx.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\windows\System32\CTxfispi.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-05-25 16:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-05-25 14:37

Vor Suchlauf: 15 Verzeichnis(se), 75.368.538.112 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 75.212.640.256 Bytes frei

447 --- E O F --- 2009-05-22 13:30
 
Those two files would also be candidates for uploading...

c:\users\Pawel Wendt\AppData\Roaming\soup.exe
c:\users\Pawel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
 
First of all, MANY THANKS for your help so far! Really great! :bigthumb:
Here are the logs for soup:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.05.25 -
AhnLab-V3 5.0.0.2 2009.05.25 -
AntiVir 7.9.0.168 2009.05.25 -
Antiy-AVL 2.0.3.1 2009.05.25 -
Authentium 5.1.2.4 2009.05.25 -
Avast 4.8.1335.0 2009.05.24 -
AVG 8.5.0.339 2009.05.25 -
BitDefender 7.2 2009.05.25 -
CAT-QuickHeal 10.00 2009.05.25 -
ClamAV 0.94.1 2009.05.25 -
Comodo 1199 2009.05.25 -
DrWeb 5.0.0.12182 2009.05.25 -
eSafe 7.0.17.0 2009.05.24 -
eTrust-Vet 31.6.6519 2009.05.23 -
F-Prot 4.4.4.56 2009.05.25 -
F-Secure 8.0.14470.0 2009.05.25 -
Fortinet 3.117.0.0 2009.05.25 -
GData 19 2009.05.25 -
Ikarus T3.1.1.49.0 2009.05.25 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.25 -
McAfee 5625 2009.05.24 -
McAfee+Artemis 5625 2009.05.24 -
McAfee-GW-Edition 6.7.6 2009.05.25 -
Microsoft 1.4701 2009.05.25 -
NOD32 4101 2009.05.25 -
Norman 6.01.05 2009.05.25 -
nProtect 2009.1.8.0 2009.05.25 -
Panda 10.0.0.14 2009.05.24 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.25 -
Rising 21.31.04.00 2009.05.25 -
Sophos 4.42.0 2009.05.25 -
Sunbelt 3.2.1858.2 2009.05.24 -
Symantec 1.4.4.12 2009.05.25 -
TheHacker 6.3.4.3.331 2009.05.25 -
TrendMicro 8.950.0.1092 2009.05.25 -
VBA32 3.12.10.5 2009.05.25 -
ViRobot 2009.5.25.1751 2009.05.25 -
weitere Informationen
File size: 32768 bytes
MD5 : e6965e4ff4d85f36f5eaf81cb6f6ceb4
SHA1 : 9e9a70504bf0517115aea674f58adf962ab11d95
SHA256: ef9e4b798c5ade4578cf7231157fbddffa81c0b23e6eb3dcf53f7f9adbcc33fc
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x144C
timedatestamp.....: 0x49F6FD52 (Tue Apr 28 14:57:54 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4DAC 0x5000 5.64 44e692e5f111653762b135652fee30ad
.data 0x6000 0x1B20 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x8000 0x93C 0x1000 2.01 91e81341e2d396d639317ceb37cb9b7c

( 1 imports )

> msvbvm60.dll: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaLateIdCall, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaRaiseEvent, -, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaNameFile, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaExitProc, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, _CIsin, -, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaAryConstruct2, __vbaI2I4, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, -, -, __vbaFPException, __vbaStrVarVal, __vbaVarCat, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarCopy, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaStrVarCopy, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

( 0 exports )
TrID : File type identification
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
ssdeep: 384:oIDtUWCsrHKekbMuddd2h4fuecK/0PSzwM3lbLK0snS6W6Z:o8hWdGh4fuVubEM136Su
PEiD : -
RDS : NSRL Reference Data Set
-

SANTA is still running...
 
Right-click santa.bat, choose Edit and please post the contents here.

Or do you know what that .bat starts?
 
Datei santa.bat empfangen 2009.05.25 15:15:34 (UTC)
Ergebnis: 0/40 (0%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.05.25 -
AhnLab-V3 5.0.0.2 2009.05.25 -
AntiVir 7.9.0.168 2009.05.25 -
Antiy-AVL 2.0.3.1 2009.05.25 -
Authentium 5.1.2.4 2009.05.25 -
Avast 4.8.1335.0 2009.05.24 -
AVG 8.5.0.339 2009.05.25 -
BitDefender 7.2 2009.05.25 -
CAT-QuickHeal 10.00 2009.05.25 -
ClamAV 0.94.1 2009.05.25 -
Comodo 1199 2009.05.25 -
DrWeb 5.0.0.12182 2009.05.25 -
eSafe 7.0.17.0 2009.05.24 -
eTrust-Vet 31.6.6521 2009.05.25 -
F-Prot 4.4.4.56 2009.05.25 -
F-Secure 8.0.14470.0 2009.05.25 -
Fortinet 3.117.0.0 2009.05.25 -
GData 19 2009.05.25 -
Ikarus T3.1.1.49.0 2009.05.25 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.25 -
McAfee 5626 2009.05.25 -
McAfee+Artemis 5625 2009.05.24 -
McAfee-GW-Edition 6.7.6 2009.05.25 -
Microsoft 1.4701 2009.05.25 -
NOD32 4101 2009.05.25 -
Norman 6.01.05 2009.05.25 -
nProtect 2009.1.8.0 2009.05.25 -
Panda 10.0.0.14 2009.05.24 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.25 -
Rising 21.31.04.00 2009.05.25 -
Sophos 4.42.0 2009.05.25 -
Sunbelt 3.2.1858.2 2009.05.24 -
Symantec 1.4.4.12 2009.05.25 -
TheHacker 6.3.4.3.331 2009.05.25 -
TrendMicro 8.950.0.1092 2009.05.25 -
VBA32 3.12.10.5 2009.05.25 -
ViRobot 2009.5.25.1751 2009.05.25 -
VirusBuster 4.6.5.0 2009.05.25 -
weitere Informationen
File size: 178 bytes
MD5...: 0bfdc1068b9d366bd3672b1ee67b4d13
SHA1..: f6d85b347cfcde0047b3efcc99984f6f3fe2f548
SHA256: 6f47c76cc548d31bf021de2243315be240a8f76cc379b1cc544b04d3c1dd9c87
SHA512: 390cdde3154536276f0fd9a517f9068653e82eb725bacd1b456fca6aa9d028ef
70ba3cf8831d48a834618bc865603f8af1340c8e61635637dbda6020b4f9409c
ssdeep: 3:5f7AIbvTPJa7grNkE3WkHso3KRfyM1K7eDBdLbWGdZt7AIDtNHovn:hFrPJa0b
WQtuH1jDWGdZhLCvn
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
 
Well, for the santa file it says it is a Windows batch file.

cd "C:\Windows\system32"
rename jimbob.txt jimbob.exe
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Winsys32sys /t REG_SZ /d "C:\Windows\system32\jimbob.exe"
 
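As an added example (not part of the thread, and not ComboFix's, the helper's or the poster's code), here is a small Python triage script that scans a batch file for the two persistence steps visible in santa.bat above: renaming a dropped data file into an executable, and registering it under a ...\CurrentVersion\Run key with `reg add`. The santa.bat contents are reproduced from the post as constructed input; the extension lists, regexes and function names are this example's own.

```python
"""Triage a suspicious startup .bat for persistence indicators.

Added example for this thread (not ComboFix's, the helper's or the poster's
code). It flags the two steps seen in santa.bat: renaming a dropped data
file (.txt) into an executable under system32, and registering that file in
an HKLM/HKCU ...\\CurrentVersion\\Run key with 'reg add'.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: the three lines of santa.bat as posted in the thread.
SANTA_BAT = (
    'cd "C:\\Windows\\system32"\n'
    "rename jimbob.txt jimbob.exe\n"
    "reg add HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run "
    '/v Winsys32sys /t REG_SZ /d "C:\\Windows\\system32\\jimbob.exe"\n'
)

# Extensions used for the rename heuristic (this example's own lists).
DATA_EXT = {".txt", ".dat", ".tmp", ".log", ".jpg", ".gif", ".bin"}
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".dll", ".bat", ".cmd", ".vbs"}

CD_CMD = re.compile(r'^cd\s+(?:/d\s+)?"?([^"]+?)"?\s*$', re.IGNORECASE)
RENAME_CMD = re.compile(r"^(?:rename|ren)\s+(\S+)\s+(\S+)", re.IGNORECASE)
REG_ADD = re.compile(r'^reg(?:\.exe)?\s+add\s+"?([^"\s]+)"?(.*)$', re.IGNORECASE)
# Classic autostart locations: ...\CurrentVersion\Run, RunOnce, RunServices.
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once|Services)?\\?$", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    kind: str
    detail: str


def _ext(name: str) -> str:
    """Lower-cased extension of a file name, '' if it has none."""
    return name.lower()[name.rfind("."):] if "." in name else ""


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _switch_value(args: str, switch: str) -> Optional[str]:
    """Return the argument after a reg.exe switch such as /v or /d."""
    m = re.search(rf'{re.escape(switch)}\s+(?:"([^"]*)"|(\S+))', args, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def scan_batch(text: str) -> List[Finding]:
    """Return persistence-related findings for the batch file in `text`."""
    findings: List[Finding] = []
    renamed: Dict[str, int] = {}   # new executable basename -> line number
    cwd = ""
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.lower().startswith(("rem ", "::")):
            continue
        m = CD_CMD.match(line)
        if m:
            # Remember the working directory so the rename finding says where.
            cwd = m.group(1).rstrip("\\")
            continue
        m = RENAME_CMD.match(line)
        if m:
            src, dst = m.group(1), m.group(2)
            if _ext(src) in DATA_EXT and _ext(dst) in EXECUTABLE_EXT:
                renamed[_basename(dst)] = no
                findings.append(Finding(no, "rename-to-executable",
                                        f"{src} -> {dst} in {cwd or '<current dir>'}"))
            continue
        m = REG_ADD.match(line)
        if m and AUTORUN_KEY.search(m.group(1)):
            key, args = m.group(1), m.group(2)
            name = _switch_value(args, "/v") or "(default)"
            data = _switch_value(args, "/d") or ""
            detail = f"{key} value {name!r} -> {data}"
            # Cross-check: the Run value points at a file this script produced.
            if _basename(data) in renamed:
                detail += f" (target created by rename on line {renamed[_basename(data)]})"
            findings.append(Finding(no, "run-key-persistence", detail))
    return findings


def format_report(findings: List[Finding]) -> str:
    if not findings:
        return "no persistence indicators found"
    return "\n".join(f"line {f.line_no}: {f.kind}: {f.detail}" for f in findings)


if __name__ == "__main__":
    print(format_report(scan_batch(SANTA_BAT)))
```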
Very interesting....

Please do the following:

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.
Code:
http://forums.spybot.info/showthread.php?p=314261#post314261

collect::[49]
C:\Windows\system32\jimbob.exe
C:\Windows\system32\jimbob.txt
c:\users\Pawel Wendt\AppData\Roaming\soup.exe
c:\users\Pawel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat 
C:\Users\Pawel Wendt\AppData\Roaming\vcshost.exe

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program.
(Also the guards of ad-/spyware programs and the TeaTimer!)

5. Then drag CFScript.txt onto ComboFix.exe, as shown in the picture below. This restarts ComboFix.

[image: CFScript.gif]

6. After the restart (if you are asked whether you want to restart), please post the following log files:
Combofix.txt

7. After the log has opened in Notepad, a popup appears
[image: cfcollect.jpg]

Dismiss it with OK and follow the instructions given there.

Post the newly created ComboFix report

Note: The script above was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system.
 
sooo....done!

ComboFix 09-05-24.07 - Pawel Wendt 25.05.2009 18:03.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1341 [GMT 2:00]
ausgeführt von:: c:\users\Pawel Wendt\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Pawel Wendt\Desktop\CFScript.txt
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


file zipped: c:\users\Pawel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
file zipped: c:\users\Pawel Wendt\AppData\Roaming\soup.exe
file zipped: c:\users\Pawel Wendt\AppData\Roaming\vcshost.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Pawel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
c:\users\Pawel Wendt\AppData\Roaming\soup.exe
c:\users\Pawel Wendt\AppData\Roaming\vcshost.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((( Dateien erstellt von 2009-04-25 bis 2009-05-25 ))))))))))))))))))))))))))))))
.

2009-05-25 16:05 . 2009-05-25 16:07 -------- d-----w c:\users\Pawel Wendt\AppData\Local\temp
2009-05-25 14:01 . 2009-05-25 14:01 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Malwarebytes
2009-05-25 13:25 . 2009-05-25 13:26 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\GetRightToGo
2009-05-25 13:09 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-25 13:09 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 13:09 . 2009-05-25 13:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 13:09 . 2009-05-25 13:09 -------- d-----w c:\programdata\Malwarebytes
2009-05-23 08:38 . 2009-05-25 14:00 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-22 14:55 . 2009-05-22 14:57 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2009-05-22 14:14 . 2009-05-25 14:34 -------- d-----w c:\program files\7-Zip
2009-05-22 13:48 . 2009-05-22 13:48 -------- d--h--r c:\users\Pawel Wendt\AppData\Roaming\SecuROM
2009-05-22 13:48 . 2009-05-22 13:48 98304 ----a-w c:\windows\system32CmdLineExt.dll
2009-05-22 13:30 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{8867E21A-1364-40ED-A7B3-791DB6787F04}\mpengine.dll
2009-05-22 13:27 . 2009-05-22 13:27 -------- d-----w c:\program files\Alcohol Soft
2009-05-22 13:25 . 2009-05-22 13:25 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-14 17:43 . 2009-05-14 17:43 -------- d-----w c:\users\Pawel Wendt\AppData\Local\PowerDVDCox
2009-05-14 17:43 . 2009-05-14 17:43 -------- d-----w c:\users\Pawel Wendt\AppData\Local\PowerDVDCinema
2009-05-14 17:40 . 2009-05-14 17:40 -------- d-----w c:\users\Public\CyberLink
2009-05-14 17:39 . 2009-05-14 17:39 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\vlc
2009-05-14 17:33 . 2009-05-14 17:33 -------- d-----w c:\program files\Common Files\CyberLink
2009-05-14 17:29 . 2009-05-14 18:16 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-05-14 17:29 . 2009-05-18 23:39 53319 ----a-w c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-14 12:33 . 2009-05-14 12:33 -------- d-----w c:\windows\Log
2009-05-14 12:31 . 2009-05-14 12:31 -------- d-----w c:\program files\Common Files\Deterministic Networks
2009-05-14 12:31 . 2009-05-14 12:31 -------- d-----w c:\program files\Cisco Systems
2009-05-13 17:51 . 2009-05-14 12:29 -------- d-----w c:\program files\SpybotNeu
2009-05-09 18:00 . 2008-07-08 11:27 166400 ------w c:\windows\system32\CTOPT352.dll
2009-05-09 18:00 . 2008-07-08 09:50 61440 ------w c:\windows\system32\CTChkAud.dll
2009-05-09 17:05 . 2008-02-12 09:34 16618970 ------w c:\programdata\Creative\Media Toolbox6\AddOnPack.exe
2009-05-09 17:00 . 2009-05-09 17:03 37406376 ----a-w c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-05-09 17:00 . 2009-05-09 17:00 6657680 ----a-w c:\programdata\Creative\Software Update\cache\Creative SoundFont Bank Manager 3.21.00__\SFBM_PCAPP_LB_3_21_00.exe
2009-05-09 16:55 . 2009-05-09 16:59 62234496 ----a-w c:\programdata\Creative\Software Update\cache\Creative Console Launcher 2.61.09__\CSL_PCAPP_LB_2_61_09.exe
2009-05-09 16:55 . 2009-05-09 16:55 6280712 ----a-w c:\programdata\Creative\Software Update\cache\DTS Connect Pack for Sound Blaster X-Fi Titanium series 1.03.00__\DTS_PCAPP_LB_1_03_00.exe
2009-05-09 16:54 . 2009-05-09 16:55 8512328 ----a-w c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.25.10__\ALMY_PCVTAPP_LB_1_25_10.exe
2009-05-09 16:50 . 2009-05-09 16:54 70681997 ----a-w c:\programdata\Creative\Software Update\cache\Creative Console Launcher 2.60.29__\CSL_PCAPP_LB_2_60_29.exe
2009-05-09 16:47 . 2009-05-09 16:50 30892544 ----a-w c:\programdata\Creative\Software Update\cache\Creative 3D MIDI Player 1.11.00__\3DMP_PCAPP_LB_1_11_00.exe
2009-05-09 16:46 . 2009-05-09 16:47 22973672 ----a-w c:\programdata\Creative\Software Update\cache\Creative Diagnostics 5.11.00__\DNT_PCAPP_LB_5_11_00.exe
2009-05-09 16:42 . 2009-05-09 16:45 56988896 ----a-w c:\programdata\Creative\Software Update\cache\Creative Media Toolbox Trial 6.02.09__\MTB6_PCAPP_LB_6_02_09.exe
2009-05-09 16:41 . 2009-05-09 16:42 12846328 ----a-w c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-05-06 11:14 . 2009-05-06 11:14 32200 ----a-w c:\windows\system32\drivers\HookCentre.sys
2009-04-30 16:36 . 2009-05-24 07:23 -------- d-----w c:\programdata\DVD Shrink
2009-04-30 16:34 . 2009-04-30 16:34 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\HandBrake
2009-04-30 15:19 . 2009-04-30 15:19 24576 ----a-w c:\users\Pawel Wendt\AppData\Local\cp_setup_assist.exe
2009-04-27 08:00 . 2009-04-27 08:00 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-27 08:00 . 2009-05-21 07:17 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\skypePM
2009-04-27 07:59 . 2009-05-21 07:31 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Skype
2009-04-27 07:58 . 2009-04-27 07:58 -------- d-----w c:\program files\Common Files\Skype
2009-04-27 07:58 . 2009-04-27 07:58 -------- d-----r c:\program files\Skype
2009-04-27 07:58 . 2009-04-27 07:58 -------- d-----w c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 16:08 . 2009-03-30 09:17 -------- d-----w c:\programdata\Babylon
2009-05-25 16:06 . 2008-11-19 14:27 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-05-25 14:39 . 2006-11-02 15:33 618204 ----a-w c:\windows\system32\perfh007.dat
2009-05-25 14:39 . 2006-11-02 15:33 122442 ----a-w c:\windows\system32\perfc007.dat
2009-05-25 14:00 . 2008-11-19 23:29 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-25 12:02 . 2008-11-19 23:34 -------- d-----w c:\program files\StarMoney 6.0 S-Edition
2009-05-22 22:26 . 2008-12-03 11:56 -------- d-----w c:\program files\Common Files\Steam
2009-05-22 12:54 . 2009-03-12 22:41 -------- d-----w c:\programdata\Roxio
2009-05-19 20:05 . 2008-12-11 23:08 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\teamspeak2
2009-05-19 10:32 . 2008-11-19 14:57 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Azureus
2009-05-18 23:54 . 2008-11-19 14:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 18:36 . 2008-11-26 21:15 -------- d-----w c:\programdata\CyberLink
2009-05-14 17:43 . 2008-11-26 21:33 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\CyberLink
2009-05-14 15:39 . 2009-04-02 19:33 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Creative
2009-05-13 10:53 . 2008-11-19 22:40 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 10:52 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-09 18:38 . 2009-04-02 19:27 -------- d-----w c:\programdata\Creative
2009-05-09 18:05 . 2009-04-02 19:25 -------- d--h--w c:\program files\Creative Installation Information
2009-05-09 18:02 . 2009-04-02 19:19 -------- d-----w c:\program files\Creative
2009-05-07 06:35 . 2008-11-20 01:05 29128 ----a-w c:\windows\system32\drivers\GRD.sys
2009-05-06 11:16 . 2008-11-19 15:40 -------- d-----w c:\programdata\G DATA
2009-05-06 11:14 . 2008-11-19 15:40 40392 ----a-w c:\windows\system32\drivers\gdwfpcd32.sys
2009-05-06 11:14 . 2008-11-19 15:40 -------- d-----w c:\program files\Common Files\G DATA
2009-05-06 11:14 . 2008-11-19 15:40 -------- d-----w c:\program files\G DATA
2009-04-29 09:05 . 2008-11-19 13:39 144528 ----a-w c:\users\Pawel Wendt\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 08:57 . 2008-11-19 22:43 -------- d-----w c:\program files\Microsoft Works
2009-04-24 17:10 . 2009-03-30 09:17 -------- d-----w c:\users\Pawel Wendt\AppData\Roaming\Babylon
2009-04-24 16:47 . 2009-04-24 16:46 -------- d-----w c:\program files\Teamspeak2_RC2
2009-04-23 09:21 . 2008-11-19 14:57 -------- d-----w c:\program files\Vuze
2009-04-17 21:54 . 2009-04-17 21:54 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 21:54 . 2009-04-17 21:54 -------- d-----w c:\program files\iTunes
2009-04-17 21:54 . 2009-04-17 21:54 -------- d-----w c:\program files\iPod
2009-04-17 21:54 . 2008-11-19 23:25 -------- d-----w c:\program files\Common Files\Apple
2009-04-17 21:51 . 2009-04-17 21:51 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 13:09 . 2008-11-19 14:57 -------- d-----w c:\program files\Java
2009-04-03 13:19 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-03 13:07 . 2008-11-19 15:40 50632 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2009-04-02 21:57 . 2009-04-02 21:57 -------- d-----w c:\program files\MozBackup
2009-04-02 20:11 . 2009-04-02 19:24 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-02 20:11 . 2009-04-02 19:24 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-02 19:30 . 2009-04-02 19:20 -------- d-----w c:\program files\Common Files\Creative Labs Shared
2009-04-02 19:25 . 2009-04-02 19:25 -------- d-----w c:\program files\Common Files\Creative
2009-04-02 19:24 . 2009-04-02 19:24 -------- d-----w c:\program files\OpenAL
2009-04-02 19:20 . 2009-04-02 19:20 -------- d-----w c:\programdata\Creative Labs
2009-04-01 19:22 . 2009-04-01 19:22 -------- d-----w c:\program files\iLinc
2009-03-26 09:24 . 2008-12-18 16:49 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-03-26 09:24 . 2009-03-26 09:24 360704 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-03-20 14:01 . 2009-03-26 09:24 17152 ----a-w c:\windows\system32\authuitu.dll
2009-03-20 14:01 . 2009-03-26 09:24 28416 ----a-w c:\windows\system32\uxtuneup.dll
2009-03-19 14:32 . 2009-04-17 21:54 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-17 21:02 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 21:02 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-16 21:33 . 2009-03-16 21:33 4361216 ----a-w c:\windows\system32\drivers\atikmdag.sys
2009-03-16 20:28 . 2009-03-16 20:28 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-03-16 20:27 . 2009-03-16 20:27 290816 ----a-w c:\windows\system32\atieclxx.exe
2009-03-16 20:27 . 2009-03-16 20:27 180224 ----a-w c:\windows\system32\atiesrxx.exe
2009-03-16 20:26 . 2008-10-29 02:20 159744 ----a-w c:\windows\system32\atitmmxx.dll
2009-03-16 20:25 . 2008-10-29 02:20 348160 ----a-w c:\windows\system32\atipdlxx.dll
2009-03-16 20:25 . 2009-03-16 20:25 274432 ----a-w c:\windows\system32\Oemdspif.dll
2009-03-16 20:25 . 2009-03-16 20:25 11776 ----a-w c:\windows\system32\atimuixx.dll
2009-03-16 20:25 . 2009-03-16 20:25 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-03-16 20:21 . 2009-03-16 20:21 2381312 ----a-w c:\windows\system32\atidxx32.dll
2009-03-16 20:11 . 2008-10-29 02:03 3837440 ----a-w c:\windows\system32\atiumdag.dll
2009-03-16 19:57 . 2009-03-16 19:57 11520000 ----a-w c:\windows\system32\atioglxx.dll
2009-03-16 19:53 . 2008-10-29 01:41 4950528 ----a-w c:\windows\system32\atiumdva.dll
2009-03-16 19:41 . 2009-03-16 19:41 51712 ----a-w c:\windows\system32\amdpcom32.dll
2009-03-16 19:41 . 2009-03-16 19:41 51712 ----a-w c:\windows\system32\atimpc32.dll
2009-03-16 19:41 . 2009-03-16 19:41 151552 ----a-w c:\windows\system32\atiadlxx.dll
2009-03-16 19:36 . 2009-03-16 19:36 53248 ----a-w c:\windows\system32\aticalrt.dll
2009-03-16 19:36 . 2009-03-16 19:36 53248 ----a-w c:\windows\system32\aticalcl.dll
2009-03-16 19:35 . 2009-03-16 19:35 3272704 ----a-w c:\windows\system32\aticaldd.dll
2009-03-16 19:27 . 2009-03-16 19:27 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-03-09 03:19 . 2008-11-19 14:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-29 08:52 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-29 08:52 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-29 08:52 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-29 08:52 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-29 08:52 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-29 08:52 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-29 08:52 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-29 08:52 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-29 08:52 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-29 08:52 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-29 08:52 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-29 08:52 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-29 08:52 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-29 08:52 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-29 08:52 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-29 08:52 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-29 08:52 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-29 08:52 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-05 22:59 . 2009-03-05 22:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 22:59 . 2009-03-05 22:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-03 19:56 . 2009-03-03 19:56 118784 ----a-w c:\windows\system32\atibtmon.exe
2009-03-03 04:46 . 2009-04-17 21:03 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 21:03 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-17 21:03 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 21:03 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-17 21:03 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-03-31 3563232]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2009-03-11 920136]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2009-02-19 24576]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-5-14 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"LLPush"=c:\program files\iLinc\Client77\bin\LLPush.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"UpdReg"=c:\windows\UpdReg.EXE
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9FA66A57-A66A-49FE-8615-3AB708E96BC4}"= UDP:c:\program files\Java\jre6\bin\javaw.exe:javaw
"{D67A2F44-5AED-4FA6-A41D-782151FA031B}"= TCP:c:\program files\Java\jre6\bin\javaw.exe:javaw
"TCP Query User{D7DF9E16-514A-4117-AE98-8A1D7C4B0E34}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{C0975964-7C08-44F9-8544-B2F218540D9F}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{45B063AC-C308-43DB-93C8-01DB28845DF5}"= UDP:42949:Vuze
"{465998AC-F2A6-4229-8EF9-8BDE84BBC2D8}"= TCP:42949:Vuz2
"TCP Query User{EA96257B-0339-41BF-ADA1-4C594D14FE27}e:\\meine empfangenen dateien\\ws_ftp\\ws_ftp\\ws_ftp95.exe"= UDP:e:\meine empfangenen dateien\ws_ftp\ws_ftp\ws_ftp95.exe:WS_FTP 95
"UDP Query User{CE3F8675-9DE7-414B-9934-80F28EEC5464}e:\\meine empfangenen dateien\\ws_ftp\\ws_ftp\\ws_ftp95.exe"= TCP:e:\meine empfangenen dateien\ws_ftp\ws_ftp\ws_ftp95.exe:WS_FTP 95
"{B8F1389E-EB22-4612-A714-6320FB478C60}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{51A8AA01-BC09-45DE-9A17-8CE208DDD321}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{F326ECED-F0AC-4230-9FB1-61ABA715FA33}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{783483B0-355A-492B-AE6F-6A0AA0C2B436}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{09B651A9-6342-44DB-A5D4-3E582C861AAD}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{2F12A67C-C94E-4B88-B5F7-D031F07C9315}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{70F7EC0C-D635-4128-B22C-D1AF9DF74049}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{F6518062-B55B-4CA4-AB80-21906252F949}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{709FAC36-D2FD-4C47-A96E-13AC3ED3E176}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B7592DA6-4E0F-4127-A578-EE36E2432832}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{69EDAB52-83CE-4CE9-BCE6-C1DBF977A684}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{C55C6C34-E344-41EA-AF95-3EFF1B4FCEFD}c:\\games\\steam\\steamapps\\coldpain_com\\day of defeat source\\hl2.exe"= UDP:c:\games\steam\steamapps\coldpain_com\day of defeat source\hl2.exe:hl2
"UDP Query User{35E6AF55-192F-44A6-A332-067B4D0CB3D9}c:\\games\\steam\\steamapps\\coldpain_com\\day of defeat source\\hl2.exe"= TCP:c:\games\steam\steamapps\coldpain_com\day of defeat source\hl2.exe:hl2
"{497EFFFE-C710-4504-9189-DBCF6466A47D}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-deDE-downloader.exe:Blizzard Downloader
"{FF194993-07C1-4FC5-A99D-48BD40E0281E}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-deDE-downloader.exe:Blizzard Downloader
"{15B8B200-765B-403C-8A22-943E4C8C0F95}"= UDP:3724:Blizzard Downloader: 3724
"{4A57AE41-EA8D-457E-AC08-8C02B0010F98}"= UDP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Anno4.exe:Anno 1404 Closed Beta
"{2828B22F-0C52-428F-B700-A53C8A779F2B}"= TCP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Anno4.exe:Anno 1404 Closed Beta
"{93DEAD58-4E0E-4B6E-9D51-4E6E65C438DE}"= UDP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Reporter.exe:Anno 1404 Closed Beta Reporter
"{3629A5A9-FFF3-413C-816B-1FE18B70C94F}"= TCP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\Reporter.exe:Anno 1404 Closed Beta Reporter
"{96CC7A26-40B2-497A-8DE8-145791C86278}"= UDP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\TagesClient.exe:Anno 1404 Tages Client
"{FD90FFE8-1B0F-40CE-A27C-4FB11BED3950}"= TCP:c:\program files\Ubisoft\Related Designs\Anno 1404 Closed Beta\TagesClient.exe:Anno 1404 Tages Client
"TCP Query User{DC34E972-0CD0-4700-A0A5-CD3BC835B3BF}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F1AEE06E-69A2-47B2-82D2-57E9645AA2B4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B006C9C9-F31E-4E0E-B775-C7AFC78674AD}c:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= UDP:c:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"UDP Query User{C0B3AD76-F483-46F6-A14D-FBAA72089821}c:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= TCP:c:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"TCP Query User{E08BDC54-1EBB-459F-A37B-F08E81FA7DA0}c:\\games\\steam\\steamapps\\coldpain_com\\opposing force\\hl.exe"= UDP:c:\games\steam\steamapps\coldpain_com\opposing force\hl.exe:Half-Life Launcher
"UDP Query User{5F472325-EC71-4561-B889-80CC989B2FEA}c:\\games\\steam\\steamapps\\coldpain_com\\opposing force\\hl.exe"= TCP:c:\games\steam\steamapps\coldpain_com\opposing force\hl.exe:Half-Life Launcher
"{AEB2B52C-3E8D-424F-B1E7-EB4680E1BF01}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C734AD0B-F5E4-4081-A005-0B37B17DF143}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{72D26C44-E4B9-4D37-A8CE-CC14D5996FF8}c:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{4C8C08BD-6FDE-4D29-BAF1-F4C0CF43F71B}c:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"{AD678005-1058-413D-B943-628EC2351711}"= UDP:5353:Adobe CSI CS4
"{3396BD38-226D-4799-9C09-0BF0821AFB62}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D93AC4B0-D831-439B-9696-63024097000D}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{18CB6A02-B6A3-4F05-A03A-54E451137881}"= Disabled:UDP:c:\program files\TuneUp Utilities 2009\Integrator.exe:TuneUp Utilities 2009
"{02ACE406-BE6C-4840-AA88-4A87036219FE}"= Disabled:TCP:c:\program files\TuneUp Utilities 2009\Integrator.exe:TuneUp Utilities 2009
"{A5699D27-8A4F-41FC-B94D-BF631BD6E845}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{C8919076-5273-40BF-8C0C-9C52B3E23C63}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{37CBB8DD-301A-482E-AEB3-FE99071A4DFD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2D066C0B-1886-4A26-9169-FA3377DDFA31}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A33E0571-47F2-48B0-A80B-1956F62B4B5F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1CB12BE4-15A6-4BEB-925F-0C414442DA19}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{839C12DF-C720-43D3-AA3A-130E4A802460}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A906D5EC-D0A5-4C6A-BDAB-B3B1787F13D8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A3D31F9A-6C56-448D-B9D7-17C2B59B8C67}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7AC2B63A-0D32-42A1-9098-3A7DE539E9F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5C37E0DC-7001-4B02-96B1-72C76E0E5E8D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{82B53430-35B1-464D-B6DE-CB67B058F266}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{FE22003D-32DA-4AF2-AE58-C09CFD0628C0}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{ECADC26E-9281-4861-BE99-1626CAA0FB7D}"= UDP:c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe:Adobe Bridge CS4
"{D5711932-DD1D-4EE5-B87C-07E5608E47A0}"= TCP:c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe:Adobe Bridge CS4
"{EF022531-98A0-47D7-87E8-0878496C6270}"= UDP:c:\games\World of Warcraft\Wow.exe:World of Warcraft
"{8BD8F904-D7B8-40E6-AAF7-185910146329}"= TCP:c:\games\World of Warcraft\Wow.exe:World of Warcraft
"TCP Query User{3A9C70BB-AADB-4CFD-8896-A8578D5D9A31}c:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= UDP:c:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"UDP Query User{4BA76B47-D443-4258-B0AA-E39A89EC5D6D}c:\\games\\steam\\steamapps\\coldpain_com\\team fortress 2\\hl2.exe"= TCP:c:\games\steam\steamapps\coldpain_com\team fortress 2\hl2.exe:hl2
"{5CACC4B7-3044-49C3-A208-00A82449665A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{48572393-228F-4CFE-A4B0-962F495C0CD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A817F09-9C94-479A-A423-7AD50E246354}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CD070C4C-B0A7-4EF5-9363-E76D3288EFF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{407663BB-497D-4EF0-8F69-A58CDD5F90B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F38E449A-E469-4FAE-8E68-A42ADFE1CC1A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{61FEE3D5-A489-4F71-B8A8-6AF7828ED92F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3A5A9888-84D6-4C62-BA6E-573C9D8B08C6}c:\\games\\steam\\steamapps\\coldpain_com\\counter-strike source\\hl2.exe"= UDP:c:\games\steam\steamapps\coldpain_com\counter-strike source\hl2.exe:hl2
"UDP Query User{6A5A890C-108E-49C6-B3B9-A130B96A7DC1}c:\\games\\steam\\steamapps\\coldpain_com\\counter-strike source\\hl2.exe"= TCP:c:\games\steam\steamapps\coldpain_com\counter-strike source\hl2.exe:hl2

R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [19.11.2008 17:40 40392]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\System32\drivers\GRD.sys [20.11.2008 03:05 29128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16.03.2009 22:27 180224]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [02.03.2009 13:09 1117768]
R2 AVKService;G Data Scheduler;c:\program files\G DATA\AntiVirus\AVK\AVKService.exe [02.03.2009 13:09 388168]
R2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G DATA\AntiVirus\AVK\AVKWCtl.exe [25.02.2009 02:32 1206096]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18.12.2008 18:49 604416]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [19.02.2009 18:42 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [19.02.2009 18:43 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [19.02.2009 18:43 73752]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [19.11.2008 17:40 50632]
R3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [25.02.2009 02:47 298568]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\System32\drivers\ha20x22k.sys [19.02.2009 18:54 1222680]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [06.05.2009 13:14 32200]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [09.05.2009 19:59 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [02.04.2009 21:20 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [02.04.2009 21:30 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [19.02.2009 18:42 198168]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [19.02.2009 18:43 1353240]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [19.02.2009 18:43 73752]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [09.01.2009 14:10 55264]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [08.12.2008 18:01 533344]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [19.11.2008 17:13 33752]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - sptd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-05-25 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-03-20 14:17]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-procexp90.Sys


.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\users\Pawel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\n06rtz2k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPiL77.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 18:07
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2584977684-1754756360-1121880361-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,eb,d4,03,08,6f,2c,8a,49,7a,6a,37,90,d1,38,d7,f8,cb,cc,10,fa,70,db,
26,f7,0f,71,e1,8e,48,98,cf,fd,76,cf,6b,61,3c,6e,04,46,0e,71,95,49,3e,d6,7f,\
"??"=hex:6d,e4,9a,59,e8,8b,9e,9c,6e,45,cc,40,3e,e5,f9,d0

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b8,69,2b,c4,f2,
ea,eb,40,e2,63,26,f1,3f,c8,ff,68,19,8d,1d,ac,ac,ca,69,79,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,dc,8a,6e,52,89,
fd,c3,d8,6a,9c,d6,61,af,45,84,18,0d,fa,0a,b0,15,0f,e7,68,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,55,15,ea,28,8c,
73,d7,82,ff,7c,85,e0,43,d4,0e,fe,d1,9e,af,8b,b4,46,d2,03,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,30,51,0d,46,c6,
5b,27,2e,86,8c,21,01,be,91,eb,e7,f5,b3,e4,8e,85,55,cc,ec,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,5c,19,16,27,eb,
45,1c,5c,f5,1d,4d,73,a8,13,5c,05,4d,ba,69,53,f0,1c,ef,71,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,b6,45,e8,60,bf,
e9,b8,6e,df,20,58,62,78,6b,cf,c8,6b,17,c4,c0,c3,58,c1,8e,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,2b,cf,93,b9,30,
7f,50,8e,fb,a7,78,e6,12,2f,9a,ea,de,9a,80,18,84,83,ef,6c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,f8,af,a8,f6,ff,
7f,05,8e,01,3a,48,fc,e8,04,4a,f1,f6,88,1b,65,bb,da,8c,3d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f5,29,cf,70,9d,
be,48,c2,f6,0f,4e,58,98,5b,89,c9,87,68,52,de,36,fb,b3,f2,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,c8,53,d4,78,d8,
72,c8,3d,3d,ce,ea,26,2d,45,aa,78,b9,d3,c0,43,56,e2,bb,43,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,06,0d,54,5b,19,
44,35,7e,2a,b7,cc,b5,b9,7f,41,e7,34,bb,6a,78,4d,22,3f,73,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,9c,9b,85,f5,b4,
14,70,3f,6c,43,2d,1e,aa,22,2f,9c,c6,d4,4b,6b,dc,d3,f6,3d,6c,43,2d,1e,aa,22,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(9884)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\atieclxx.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
c:\windows\System32\CTxfispi.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-05-25 18:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-05-25 16:10
ComboFix2.txt 2009-05-25 14:37

Vor Suchlauf: 15 Verzeichnis(se), 75.204.091.904 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 74.949.128.192 Bytes frei

459 --- E O F --- 2009-05-22 13:30
Upload was successful
 
That definitely looks better. Please remember that you have to change all your passwords, and please run a control scan with Kaspersky's or F-Secure's online scanner...

Under Start/Run, please enter
Combofix /u and press Enter. If you don't have "Run" in your Start menu, you can also type it into the search bar...
 
As I said, many thanks again for everything so far! I really appreciate it :thanks:
So should I run another scan with Combo?
I have a file in the Temp folder, "LVPrcInj01.dll", which I cannot delete. Supposedly from Logitech (I have a webcam, mouse and keyboard from them.)

Here is the log info about it again:

Datei LVPrcInj01.dll empfangen 2009.05.25 17:48:31 (UTC)
Ergebnis: 0/39 (0%)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.05.25 -
AhnLab-V3 5.0.0.2 2009.05.25 -
AntiVir 7.9.0.168 2009.05.25 -
Antiy-AVL 2.0.3.1 2009.05.25 -
Authentium 5.1.2.4 2009.05.25 -
Avast 4.8.1335.0 2009.05.25 -
AVG 8.5.0.339 2009.05.25 -
BitDefender 7.2 2009.05.25 -
CAT-QuickHeal 10.00 2009.05.25 -
ClamAV 0.94.1 2009.05.25 -
Comodo 1199 2009.05.25 -
DrWeb 5.0.0.12182 2009.05.25 -
eSafe 7.0.17.0 2009.05.24 -
eTrust-Vet 31.6.6521 2009.05.25 -
F-Prot 4.4.4.56 2009.05.25 -
F-Secure 8.0.14470.0 2009.05.25 -
Fortinet 3.117.0.0 2009.05.25 -
GData 19 2009.05.25 -
Ikarus T3.1.1.49.0 2009.05.25 -
K7AntiVirus 7.10.744 2009.05.25 -
Kaspersky 7.0.0.125 2009.05.25 -
McAfee 5626 2009.05.25 -
McAfee+Artemis 5626 2009.05.25 -
McAfee-GW-Edition 6.7.6 2009.05.25 -
Microsoft 1.4701 2009.05.25 -
Norman 6.01.05 2009.05.25 -
nProtect 2009.1.8.0 2009.05.25 -
Panda 10.0.0.14 2009.05.25 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.25 -
Rising 21.31.04.00 2009.05.25 -
Sophos 4.42.0 2009.05.25 -
Sunbelt 3.2.1858.2 2009.05.25 -
Symantec 1.4.4.12 2009.05.25 -
TheHacker 6.3.4.3.331 2009.05.25 -
TrendMicro 8.950.0.1092 2009.05.25 -
VBA32 3.12.10.5 2009.05.25 -
ViRobot 2009.5.25.1751 2009.05.25 -
VirusBuster 4.6.5.0 2009.05.25 -
weitere Informationen
File size: 109080 bytes
MD5...: b894bef436cd7b7cf89bc0a53d4ae624
SHA1..: fd17ccd3e77b5fa085610da5be2cafbf68736bde
SHA256: 61e4884d5f65ec7b6faf9a668ad6e43cc7019753afd0af46934ee0623dce3947
ssdeep: 1536:hB9y8ckgEXnZwPKrdG1a/PE1HgFCWHTD/ktJ7WjPBDMtFuNfMPxvSrOTNo:hB9JXZqK5iRuYtF6fMPxvy
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6734
timedatestamp.....: 0x488b3c09 (Sat Jul 26 15:00:25 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xeeb7 0xf000 6.56 634dc37274da99b9bf3e3db0e2e33dc1
.rdata 0x10000 0x3ac2 0x4000 5.06 a04125feeffebfdaac8e5e0b9960cc8d
.data 0x14000 0x3388 0x2000 3.32 9ae4fce0ad3d74552e3da8a083dfd0d9
.rsrc 0x18000 0x9e0 0x1000 4.14 605f31deb5e6300e2fe677ecf8ecf6f5
.reloc 0x19000 0x1cf2 0x2000 4.41 6060fbbde84ea851507fb0b13ea19a39

( 2 imports )
> KERNEL32.dll: WaitForSingleObject, SetEvent, VirtualUnlock, VirtualLock, ReleaseMutex, ResetEvent, WaitForMultipleObjects, CreateEventA, WaitForMultipleObjectsEx, OpenEventA, GetCurrentProcessId, FreeLibrary, VirtualProtect, InterlockedExchange, GetModuleHandleW, DeviceIoControl, InterlockedDecrement, GetModuleFileNameA, InterlockedIncrement, GetProcAddress, LoadLibraryA, QueryPerformanceCounter, FlushFileBuffers, Sleep, TlsGetValue, GetLastError, TlsSetValue, TlsAlloc, CreateMutexA, TlsFree, LoadLibraryW, CloseHandle, RtlUnwind, ExitThread, GetCurrentThreadId, CreateThread, HeapAlloc, HeapFree, GetCommandLineA, GetVersionExA, GetProcessHeap, GetModuleHandleA, SetLastError, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualFree, VirtualAlloc, HeapReAlloc, HeapDestroy, HeapCreate, WriteFile, GetStdHandle, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, GetSystemTimeAsFileTime, RaiseException, InitializeCriticalSection, SetFilePointer, GetConsoleCP, GetConsoleMode, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA
> USER32.dll: GetUserObjectInformationA, GetProcessWindowStation

( 1 exports )
LVPRCINJ_Challenge
PDFiD.: -
RDS...: NSRL Reference Data Set
-
 
Correctly identified. That one is recreated by the Logitech software every time, which is also why it always shows up in the CF report.
You can ignore it....
 