Problems with a Trojan

desabo

New member
Hi everyone, after my last Virtumonde attack and rebuilding my system (phew!), I have this stupid Win32.azl etc. on my computer again. Can you help me? Log attached.
Regards, Desabo

--- Search result list ---
Tipp des Tages: Klicken Sie auf den Balken rechts, um mehr Informationen zu sehen! ()


Win32.Small.azl: [SBI $02AFBE7E] Autorun-Einstellungen (Registrierungsdatenbank-Wert, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

2008-07-30 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-07-30 SDFiles.exe (1.6.0.4)
2008-07-30 SDMain.exe (1.0.0.6)
2008-07-30 SDShred.exe (1.0.2.3)
2008-07-30 SDUpdate.exe (1.6.0.9)
2008-07-30 SDWinSec.exe (1.0.0.12)
2008-07-30 SpybotSD.exe (1.6.0.31)
2008-07-30 TeaTimer.exe (1.6.1.22)
2008-08-07 unins000.exe (51.49.0.0)
2008-07-30 Update.exe (1.6.0.7)
2008-07-30 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-30 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-30 Tools.dll (2.1.5.7)
2008-08-05 Includes\Adware.sbi (*)
2008-08-05 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-08-05 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-07-30 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-08-05 Includes\Keyloggers.sbi (*)
2008-08-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-08-05 Includes\Malware.sbi (*)
2008-08-05 Includes\MalwareC.sbi (*)
2008-08-05 Includes\PUPS.sbi (*)
2008-08-05 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-08-05 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-08-04 Includes\Spyware.sbi (*)
2008-08-05 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-08-05 Includes\Trojans.sbi (*)
2008-08-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 11: Sicherheitsupdate für Windows Media Player 11 (KB936782)
/ Windows Media Player 6.4: Sicherheitsupdate für Windows Media Player 6.4 (KB925398)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, Cmaudio
command: RunDll32 cmicnfg.cpl,CMICtrlWnd
file: C:\WINDOWS\system\cmicnfg.cpl
size: 2834432
MD5: FDF5872FDFE7A46E7C0744879BD0A041

Located: HK_LM:Run, CoolSwitch
command: C:\WINDOWS\system32\taskswitch.exe
file: C:\WINDOWS\system32\taskswitch.exe
size: 45632
MD5: EBD2EA535FC47D426D0C2FC7C7293534

Located: HK_LM:Run, NeroFilterCheck
command: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
file: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
size: 163840
MD5: 953677D529633FF3F7D68CEB7BE4B189

Located: HK_LM:Run, SiSPower
command: Rundll32.exe SiSPower.dll,ModeAgent
file: C:\WINDOWS\system32\SiSPower.dll
size: 53248
MD5: 9ADE7A17E43ABEF762E9E92B0EBC8E3B

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 585728
MD5: 13B35FBDC2C45F42F80339D02B914734

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1202660629-1788223648-839522115-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: HK_CU:Run, Skype
where: S-1-5-21-1202660629-1788223648-839522115-1003...
command: "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Programme\Skype\Phone\Skype.exe
size: 21718312
MD5: EDBDF840B8D770F4B7D57270DE5AABBD

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: Startup (allgemein), AudioDeck.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
file: C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
size: 589824
MD5: 42D4CA738C6F81D8FB609AFB03BC2FE7

Located: Startup (allgemein), BTTray.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\Belkin\Bluetooth Software\BTTray.exe
file: C:\Programme\Belkin\Bluetooth Software\BTTray.exe
size: 561213
MD5: 4775EDADB6CE8F8F0F298F973B027586

Located: Startup (allgemein), WinZip Quick Pick.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\WinZip\WZQKPICK.EXE
file: C:\Programme\WinZip\WZQKPICK.EXE
size: 114753
MD5: B84F8C7D9A39D17BD736F395F6085DD1

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22.10.2006 23:08:42
Date (last access): 10.08.2008 08:18:28
Date (last write): 22.10.2006 23:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{11DBECBF-CEFF-4207-92F1-2EDE870CC935} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: avtap.dll
Short name:
Date (created): 02.08.2008 15:49:52
Date (last access): 10.08.2008 08:18:28
Date (last write): 28.02.2006 14:00:00
Filesize: 91648
Attributes: archive
MD5: D7276B3B0C28A687A174D27DDCBF1ED9
CRC32: 5B4CD70D
Version: 1.0.0.0

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 11.06.2008 19:51:16
Date (last access): 10.08.2008 09:03:20
Date (last write): 30.07.2008 14:45:34
Filesize: 1562448
Attributes: archive
MD5: 3024DF2915AED376971635DB06DC25CF
CRC32: 763886E5
Version: 1.6.0.12

{6F282B65-56BF-4BD1-A8B2-A4449A05863D} (GamesBar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: GamesBar
Path: C:\Programme\GamesBar\
Long name: oberontb.dll
Short name:
Date (created): 19.06.2007 17:09:16
Date (last access): 10.08.2008 08:18:28
Date (last write): 19.06.2007 17:09:16
Filesize: 380928
Attributes: archive
MD5: D80CF2497E8122D7ACA6BCB9FBDC3492
CRC32: D35C6AB8
Version: 1.1.0.5

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 07.08.2008 19:06:10
Date (last access): 10.08.2008 08:51:56
Date (last write): 10.06.2008 04:27:02
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6



--- ActiveX list ---
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217161911093
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 11.06.2008 18:49:04
Date (last access): 10.08.2008 08:52:22
Date (last write): 30.07.2007 19:19:46
Filesize: 203096
Attributes: archive
MD5: FD984F9BFC9C62BD6546BD183CE5ADE7
CRC32: 8092F837
Version: 7.0.6000.381

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.06.2008 02:32:34
Date (last access): 08.08.2008 08:50:50
Date (last write): 10.06.2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.06.2008 02:32:34
Date (last access): 10.08.2008 09:04:50
Date (last write): 10.06.2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.06.2008 02:32:34
Date (last access): 10.08.2008 09:04:50
Date (last write): 10.06.2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6



--- Process list ---
PID: 0 ( 0) [System]
PID: 488 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 544 ( 488) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 568 ( 488) \??\C:\WINDOWS\system32\winlogon.exe
size: 507392
PID: 612 ( 568) C:\WINDOWS\system32\services.exe
size: 108544
MD5: EDB6B81761BD60F32F740BBC40AFB676
PID: 624 ( 568) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 183805EB05BCA5A1E4AAAED4D2BE3690
PID: 776 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 832 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 900 ( 612) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 952 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1072 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1332 ( 612) C:\WINDOWS\system32\spoolsv.exe
size: 65024
MD5: DCC2A1470DF5BA4E3F06028C0C0332B5
PID: 1464 (1436) C:\WINDOWS\Explorer.EXE
size: 1042432
MD5: 8B32C91920ED508519CF3FABFEE90069
PID: 1692 ( 612) C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
size: 274487
MD5: ED1D0EA1E0F3B93F9E1C8BB9EB2CB587
PID: 1736 (1464) C:\WINDOWS\system32\taskswitch.exe
size: 45632
MD5: EBD2EA535FC47D426D0C2FC7C7293534
PID: 1744 (1464) C:\WINDOWS\SOUNDMAN.EXE
size: 585728
MD5: 13B35FBDC2C45F42F80339D02B914734
PID: 1756 ( 612) C:\WINDOWS\system32\cisvc.exe
size: 12800
MD5: EFF9F56CA0B804607E5B12DEAC845C56
PID: 1768 (1464) C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 1780 (1464) C:\WINDOWS\mrofinu1001186.exe
size: 44544
MD5: 37F41FD8AB03AE646487531EF1316EBC
PID: 1796 (1464) C:\WINDOWS\system32\ctfmon.exe
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80
PID: 1808 (1464) C:\Programme\Skype\Phone\Skype.exe
size: 21718312
MD5: EDBDF840B8D770F4B7D57270DE5AABBD
PID: 1856 ( 612) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1884 (1464) C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
size: 589824
MD5: 42D4CA738C6F81D8FB609AFB03BC2FE7
PID: 1896 (1464) C:\Programme\Belkin\Bluetooth Software\BTTray.exe
size: 561213
MD5: 4775EDADB6CE8F8F0F298F973B027586
PID: 1924 (1464) C:\Programme\WinZip\WZQKPICK.EXE
size: 114753
MD5: B84F8C7D9A39D17BD736F395F6085DD1
PID: 192 ( 612) C:\WINDOWS\System32\snmp.exe
size: 39936
MD5: 907E3C3A79EEDF2E2EE6BE20A8ABC516
PID: 228 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 416 (1884) C:\WINDOWS\system32\devldr32.exe
size: 24064
MD5: 14DB5E49532259784602F15E0EA39227
PID: 1624 ( 612) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 6596DD260FFDE1BDC994C1DF236307BB
PID: 2160 ( 816) C:\WINDOWS\17PHolmes1001186.exe
size: 44544
MD5: 37F41FD8AB03AE646487531EF1316EBC
PID: 2468 (1808) C:\Programme\Skype\Plugin Manager\skypePM.exe
size: 76744
MD5: A8D36ADDD1FCD24A450807EE693E4762
PID: 1224 (1756) C:\WINDOWS\system32\cidaemon.exe
size: 15360
MD5: F8F58A6852374464E7EC0DC443B59F30
PID: 2568 ( 776) C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
size: 1409108
MD5: 0EBD263A3E51651824C996D10F31791A
PID: 248 (3012) C:\WINDOWS\17PHolmes1001186.exe
size: 44544
MD5: 37F41FD8AB03AE646487531EF1316EBC
PID: 3888 (1464) C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 4891984
MD5: 9C8F0F34F66BB845B42F70E92A972B5F
PID: 3228 ( 568) C:\WINDOWS\TEMP\VRTA6.tmp
size: 8790
MD5: 5AB0A45F63DF6557627EC05EEB5FB9BF
PID: 2980 (1252) C:\WINDOWS\TEMP\DILA8.tmp
size: 115200
MD5: 086847F3117F537C319AFF9CD5F6C645
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 10.08.2008 09:04:52

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD9FCFC7-17EC-4C9C-86C2-40BB22B0E59F}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD9FCFC7-17EC-4C9C-86C2-40BB22B0E59F}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{464B20BC-DAC0-41F1-9C97-4FC47ECDD200}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{464B20BC-DAC0-41F1-9C97-4FC47ECDD200}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DEB4BF56-51EE-4318-905E-B65859F7188B}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DEB4BF56-51EE-4318-905E-B65859F7188B}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2685D910-9F79-459C-8896-606124B9615A}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2685D910-9F79-459C-8896-606124B9615A}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07C92217-0E09-4574-8713-77379BEC2DF2}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07C92217-0E09-4574-8713-77379BEC2DF2}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79FEA4B2-80E7-4F77-BDB3-A05C7B83F1A9}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79FEA4B2-80E7-4F77-BDB3-A05C7B83F1A9}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: NLA-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
 
Hello desabo,

Please do the following:

Use the Disk Cleanup tool that ships with Windows (tick everything except "Compress old files") and clean up System Restore via "More Options".
http://support.microsoft.com/default.aspx?scid=kb;de;315246

-----------------------------------------------------------------------------------------------

Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Then close all windows, disable all background guards (AV and, e.g., Spybot's TeaTimer), start combofix.exe, read the information in the windows that appear, and then answer them with Yes.

The ComboFix scan can take some time, so be patient. Please do not do anything on the computer during the scan.
The computer may be restarted in between.
When the scan finishes, a report is displayed; please copy it and paste it into your thread.
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

Always use a current version of ComboFix, even if you downloaded "yours" only a day ago.

-----------------------------------------------------------------------------------------------

Creating a HijackThis log file

http://virus-protect.org/hjtkurz.html
http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.zip

Download/unpack HijackThis into a separate folder, rename HijackThis to HJT, start it and choose
---> None of the above just start the program --> Scan -> Save log --> hijackthis.log - Save - Notepad opens

Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
 
Sorry that it took so long. I was away for a week.
Here are the logs.

ComboFix 08-08-17.01 - Alexander Sabo 2008-08-17 23:14:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.381 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Alexander Sabo\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Alexander Sabo\UserData
C:\Dokumente und Einstellungen\Alexander Sabo\UserData\GXE3GP6Z\oWindowsUpdate[1].xml
C:\Dokumente und Einstellungen\Alexander Sabo\UserData\index.dat
C:\Programme\GamesBar\oberontb.dll
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\mrofinu1001186.exe.tmp
C:\WINDOWS\system32\adsms.dll
C:\WINDOWS\system32\adsmse.dll
C:\WINDOWS\system32\amstre.dll
C:\WINDOWS\system32\amstrea.dll
C:\WINDOWS\system32\appmgm.dll
C:\WINDOWS\system32\appmgmt.dll
C:\WINDOWS\system32\asycfi.dll
C:\WINDOWS\system32\asycfil.dll
C:\WINDOWS\system32\ati2cqa.dll
C:\WINDOWS\system32\ativvax.dll
C:\WINDOWS\system32\Audio3.dll
C:\WINDOWS\system32\auth.dll
C:\WINDOWS\system32\autodi.dll
C:\WINDOWS\system32\autodis.dll
C:\WINDOWS\system32\autodiscd.dll
C:\WINDOWS\system32\avica.dll
C:\WINDOWS\system32\avicap3.dll
C:\WINDOWS\system32\avicapj.dll
C:\WINDOWS\system32\avtap.dll
C:\WINDOWS\system32\avtapd.dll
C:\WINDOWS\system32\avtapie.dll
C:\WINDOWS\system32\avtapm.dll
C:\WINDOWS\system32\avwa.dll
C:\WINDOWS\system32\avwaj.dll
C:\WINDOWS\system32\bat.dll
C:\WINDOWS\system32\bitsprx.dll
C:\WINDOWS\system32\bitsprxj.dll
C:\WINDOWS\system32\btbi.dll
C:\WINDOWS\system32\btbih.dll
C:\WINDOWS\system32\bthcr.dll
C:\WINDOWS\system32\bthser.dll
C:\WINDOWS\system32\BTNCop.dll
C:\WINDOWS\system32\BTNeighborho.dll
C:\WINDOWS\system32\BTNeighborhoo.dll
C:\WINDOWS\system32\btosif_not.dll
C:\WINDOWS\system32\btosif_note.dll
C:\WINDOWS\system32\btprn2.dll
C:\WINDOWS\system32\bts.dll
C:\WINDOWS\system32\btse.dll
C:\WINDOWS\system32\btsend.dll
C:\WINDOWS\system32\btsendt.dll
C:\WINDOWS\system32\BtWizar.dll
C:\WINDOWS\system32\BtXpShel.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-07-17 bis 2008-08-17 ))))))))))))))))))))))))))))))
.

2008-08-15 13:23 . 2008-08-15 13:23 <DIR> d-------- C:\Programme\Kellogg's
2008-08-13 14:47 . 2008-08-13 14:47 <DIR> d-------- C:\Programme\Aloha TriPeaks Deluxe
2008-08-13 10:16 . 2008-08-13 10:16 <DIR> d-------- C:\Programme\OXXOGames
2008-08-10 14:53 . 2008-08-10 14:54 <DIR> d-------- C:\Programme\Pizza Frenzy Deluxe
2008-08-07 19:06 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-07 18:57 . 2008-08-07 18:57 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-08-05 10:17 . 2008-08-05 10:17 <DIR> d-------- C:\Programme\Gemeinsame Dateien\BOONTY Shared
2008-08-05 10:17 . 2008-08-05 10:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOONTY
2008-08-05 09:20 . 2008-08-05 15:24 <DIR> d-------- C:\Programme\BoontyGames
2008-08-05 09:20 . 2008-08-05 09:20 <DIR> d-------- C:\Programme\Boonty
2008-08-04 15:44 . 2008-08-04 15:44 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-08-04 14:44 . 2008-08-04 14:44 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fugazo
2008-08-04 14:34 . 2008-08-04 15:47 <DIR> d-------- C:\Programme\Airport Mania - First Flight
2008-08-04 14:12 . 2008-08-04 14:44 <DIR> d-------- C:\Programme\Cooking Academy
2008-08-04 12:24 . 2008-08-04 12:24 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gogii
2008-08-03 12:01 . 2008-08-03 12:01 <DIR> d-------- C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Playrix Entertainment
2008-08-03 11:34 . 2008-08-03 11:34 <DIR> d-------- C:\Programme\Fishdom
2008-08-03 11:01 . 2008-08-04 12:24 <DIR> d-------- C:\Programme\Babysitting Mania
2008-08-02 16:35 . 2008-08-02 16:35 <DIR> d-------- C:\XPpostSP2update
2008-07-26 21:10 . 2006-02-28 14:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-07-26 21:09 . 2006-02-28 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-26 21:08 . 2006-02-28 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-26 21:07 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-26 21:05 . 2008-07-26 21:05 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-26 20:54 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-26 18:07 . 2008-07-26 18:07 <DIR> d-------- C:\WINDOWS\system32\de-de
2008-07-26 18:07 . 2008-07-26 18:07 <DIR> d-------- C:\WINDOWS\system32\de
2008-07-26 18:07 . 2008-07-26 18:07 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-26 18:07 . 2008-07-26 18:07 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-26 18:05 . 2008-07-26 18:05 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-26 17:48 . 2006-02-28 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-07-22 22:19 . 2008-07-22 22:20 0 --a------ C:\WINDOWS\system32\pqtmp.fil
2008-07-22 22:18 . 2008-07-22 22:18 1,245 --a------ C:\WINDOWS\system32\PQ_BATCH.PQB
2008-07-22 22:09 . 2001-12-04 07:01 1,379,208 --a------ C:\WINDOWS\system32\XMNT2001.EXE
2008-07-22 22:09 . 2001-12-04 07:01 3,360 --a------ C:\WINDOWS\system32\drivers\PQNTDRV.SYS
2008-07-22 22:08 . 2008-07-22 22:08 <DIR> d-------- C:\Programme\PowerQuest
2008-07-22 21:18 . 2008-08-16 21:03 <DIR> d-------- C:\Programme\PokerStars
2008-07-22 20:36 . 2006-11-23 16:45 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-22 20:35 . 2008-07-22 20:36 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2008-07-22 20:34 . 2008-07-22 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\TuneUp Software
2008-07-22 20:33 . 2008-07-22 20:41 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-22 20:33 . 2008-07-22 20:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-07-21 13:45 . 2008-07-21 13:45 <DIR> d-------- C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\ITTNord
2008-07-20 22:32 . 2008-07-20 22:32 <DIR> d-------- C:\Programme\ReflexiveArcade
2008-07-17 15:10 . 2008-07-17 15:10 26 --a------ C:\WINDOWS\MINIvue.INI

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 21:15 --------- d-----w C:\Programme\GamesBar
2008-08-17 21:13 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Skype
2008-08-17 14:03 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\skypePM
2008-08-08 14:56 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GamesBar
2008-08-07 19:23 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-08-07 19:23 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-08-07 17:06 --------- d-----w C:\Programme\Java
2008-08-04 14:44 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-07-29 13:22 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
2008-07-29 13:22 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Zylom
2008-07-29 13:22 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\PlayFirst
2008-07-29 13:21 --------- d-----w C:\Programme\Zylom Games
2008-07-22 20:08 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-22 20:03 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-07-21 12:56 --------- d-----w C:\Programme\McDonaldsFairies
2008-07-21 12:56 --------- d-----w C:\Programme\Gamenext
2008-07-21 12:53 --------- d-----w C:\Programme\Gamesload Spiele
2008-07-10 20:51 --------- d-----w C:\Programme\Windows Installer 4.5 SDK
2008-07-10 20:19 --------- d-----w C:\Programme\xpTuner
2008-07-06 19:26 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Ahead
2008-07-04 13:46 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Media Player Classic
2008-06-23 18:13 --------- d-----w C:\Programme\Chocolatier Deluxe
2008-06-23 10:26 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Meridian93
2008-06-22 12:13 --------- d-----w C:\Programme\Firaxis Games
2008-06-22 11:18 --------- d-----w C:\Programme\trellian
2008-06-21 17:18 --------- d-----w C:\Programme\Gemeinsame Dateien\Oberon Media
2008-06-21 16:08 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Friday's games
2008-06-12 12:30 0 ----a-w C:\Programme\temp01
2008-06-11 18:11 745,472 ----a-w C:\WINDOWS\iun6002.exe
.

------- Sigcheck -------

2006-02-28 14:00 1042432 8b32c91920ed508519cf3fabfee90069 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1043456 6727eef4b3759dcd2ba3c2701f1e41b0 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-02-28 14:00 1042432 5bcc9ea57e397bdb2364ca27a34d5e75 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:22 1043968 f0bf0bbb1c47991424a50cfd9f94455c C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\explorer.exe

2008-04-14 04:22 22528 95d7c836e10f02b1521493b20327d2bd C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\ctfmon.exe
2006-02-28 14:00 22528 665d9ab270fbb19636328a6207708e80 C:\WINDOWS\system32\ctfmon.exe
2006-02-28 14:00 15360 7ce20569925df6789c31799f0c538f29 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-11 02:17 65024 8aa8852d6b80b3869eefc3e46fbfab38 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2006-02-28 14:00 65024 7d6e77234a265969ee198570da793d27 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 04:23 65024 da1bda1aaf9f13b7e6e4f4237787e2a2 C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\spoolsv.exe
2006-02-28 14:00 65024 dcc2a1470df5ba4e3f06028c0c0332b5 C:\WINDOWS\system32\spoolsv.exe

2008-04-14 04:23 33792 72cc83a1a27e42cf962d79e22e7014ec C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\userinit.exe
2006-02-28 14:00 32256 afe03035ccb87f1934f07bbb8fc660f9 C:\WINDOWS\system32\userinit.exe
2006-02-28 14:00 25088 d1e53dc57143f2584b1dd53b036c0633 C:\WINDOWS\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 22528]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 163840]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SiSPower"="SiSPower.dll" [2007-01-23 13:34 53248 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 585728 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 22528]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
AudioDeck.lnk - C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2008-06-11 19:05:39 589824]
BTTray.lnk - C:\Programme\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 17:05:38 553021]
WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK.EXE [2008-06-22 13:12:33 114753]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Programme\\Hercules\\Classic Silver\\Station2.exe"=
"C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 15:29]
S2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2006-02-28 14:00]
S3 Boonty Games;Boonty Games;C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe [2008-08-05 10:17]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 16:45]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners

2008-08-15 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 16:46]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Mozilla\Firefox\Profiles\mpzmr5kv.Alex\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 23:16:41
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-08-17 23:18:37
ComboFix-quarantined-files.txt 2008-08-17 21:18:31

Pre-Run: 7 Verzeichnis(se), 66,791,063,552 Bytes frei
Post-Run: 10 Verzeichnis(se), 67,181,654,016 Bytes frei

229 --- E O F --- 2008-06-13 01:02:26



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:12, on 17.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Programme\Belkin\Bluetooth Software\BTTray.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AudioDeck.lnk = C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217161911093
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)

--
End of file - 5732 bytes


Regards, Desabo
 
That really doesn't look good. Please test C:\WINDOWS\system32\ctfmon.exe
at virustotal.com and post the link to the result.
 
Hello,

The following show up among the processes:
C:\WINDOWS\TEMP\VRTA6.tmp
C:\WINDOWS\TEMP\DILA8.tmp
Any idea what these could be?

Kind regards,
Sandra
Team Spybot
 
That doesn't sound good. Here is the scan:
Datei ctfmon.exe empfangen 2008.08.18 21:17:17 (CET)
Ergebnis: 32/36 (88.89%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.19.0 2008.08.18 Win32/Virut.B
AntiVir 7.8.1.19 2008.08.18 W32/Virut.AX
Authentium 5.1.0.4 2008.08.18 W32/Virut.7116
Avast 4.8.1195.0 2008.08.18 Win32:Virtob
AVG 8.0.0.161 2008.08.18 Win32/Virut
BitDefender 7.2 2008.08.18 Win32.Virtob.8.Gen
CAT-QuickHeal 9.50 2008.08.18 W32.Virut.Z
ClamAV 0.93.1 2008.08.18 W32.Virut-17
DrWeb 4.44.0.09170 2008.08.18 Win32.Virut.30
eSafe 7.0.17.0 2008.08.18 -
eTrust-Vet 31.6.6035 2008.08.15 Win32/Virut.7115
Ewido 4.0 2008.08.18 -
F-Prot 4.4.4.56 2008.08.18 W32/Virut.7116
F-Secure 7.60.13501.0 2008.08.18 Virus.Win32.Virut.av
Fortinet 3.14.0.0 2008.08.18 W32/Virut.AV
GData 2.0.7306.1023 2008.08.18 Virus.Win32.Virut.av
Ikarus T3.1.1.34.0 2008.08.18 Virus.Win32.Virut.av
K7AntiVirus 7.10.420 2008.08.18 Virus.Win32.Virut.av
Kaspersky 7.0.0.125 2008.08.18 Virus.Win32.Virut.av
McAfee 5363 2008.08.18 W32/Virut.gen.a
Microsoft 1.3807 2008.08.18 Virus:Win32/Virut.AC
NOD32v2 3365 2008.08.18 Win32/Virut.AV
Norman 5.80.02 2008.08.18 W32/Virut.AG
Panda 9.0.0.4 2008.08.18 W32/Virutas.Z
PCTools 4.4.2.0 2008.08.18 Win32.Virut.Gen.4
Prevx1 V2 2008.08.18 -
Rising 20.58.02.00 2008.08.18 Win32.Virut.an
Sophos 4.32.0 2008.08.18 W32/Virut-W
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.18 W32.Virut.W
TheHacker 6.3.0.5.053 2008.08.18 W32/Virut.av
TrendMicro 8.700.0.1004 2008.08.18 PE_VIRUT.AV
VBA32 3.12.8.3 2008.08.18 Virus.Win32.Virut.2
ViRobot 2008.8.18.1339 2008.08.18 Win32.Virut.S
VirusBuster 4.5.11.0 2008.08.18 Win32.Virut.Gen.4
Webwasher-Gateway 6.6.2 2008.08.18 Win32.Virut.AX
weitere Informationen
File size: 22528 bytes
MD5...: 665d9ab270fbb19636328a6207708e80
SHA1..: eca770c41ae8a0f768cf1ae19ca04e70e599429c
SHA256: 6e0050e213f50473be7fc3aaa95d1f623e4464877811b62dc8ba3375cf389d73
SHA512: eedf37a7b3627ed007cc713d4c38fd66e25647cade972c36e9e231a028ccd8c7
ebb811b698f087733f53bf11db270e63756e68b4e3088b0aa48b42a4b8452a41
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x405a00
timedatestamp.....: 0x41107bfa (Wed Aug 04 06:02:34 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ab8 0x2c00 6.76 1ba44a2a473ccfc5ec3be2a4d428469a
.data 0x4000 0x210 0x200 1.07 bd8c5cd346a9f53dc0dbc69260ab2240
.rsrc 0x5000 0x7a00 0x2600 7.36 191c81139d5bc09273f2f7593a325189

( 6 imports )
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
> ADVAPI32.dll: RegDeleteValueA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegCreateKeyExA
> KERNEL32.dll: lstrcpynA, lstrlenA, GetSystemDirectoryA, GetSystemWindowsDirectoryA, GetVersionExA, GetACP, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LocalFree, CloseHandle, ResetEvent, OpenEventA, CreateProcessA, lstrcatA, GetSystemInfo, lstrcmpiA, FreeLibrary, LoadLibraryA, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, LocalAlloc, GetProcAddress
> USER32.dll: EnumWindows, GetClassNameA, FindWindowA, PostMessageA, SetTimer, KillTimer, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, GetMessageA, SetWindowPos, LoadCursorA, RegisterClassExA, DefWindowProcA, PostQuitMessage, CreateWindowExA, GetSystemMetrics
> MSCTF.dll: TF_InitSystem, TF_GetGlobalCompartment, TF_InvalidAssemblyListCacheIfExist, TF_InvalidAssemblyListCache, TF_PostAllThreadMsg, TF_CreateCicLoadMutex, TF_UninitSystem
> MSUTB.dll: ClosePopupTipbar, GetPopupTipbar

( 0 exports )

And unfortunately I have no idea what kind of temp files those are either!
I only set the system up recently because I had trouble with SP3. Where does this sh..... come from? My wife likes to load Big Fish Games and the like. Could it come from that?
Many thanks and regards
Desabo :sad:
 
I can't tell you where this malware comes from, only that cleaning is useless here. You have to completely repartition, format and reinstall the computer. Furthermore, you must not reuse any executable files from that computer, since they are all infected by Virut. Data such as e-mail, documents, pictures etc. should not be a problem.

You can find instructions for this here, among other places:
http://www.trojaner-board.de/51262-anleitung-neuaufsetzen-des-systems-absicherung.html

It is important that you install SP2 or SP3 before going online for the first time. So download it beforehand from a safe source on a clean computer!

A virus scanner wouldn't be a bad idea either. There are free alternatives such as Avira AntiVir or Avast.
 
OK, I'll look into the rebuild. Here is another current SB scan.

--- Search result list ---
Tipp des Tages: Klicken Sie auf den Balken rechts, um mehr Informationen zu sehen! ()


Gratuliere!: Es wurden keine Spione gefunden. ()



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

2008-07-30 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-07-30 SDFiles.exe (1.6.0.4)
2008-07-30 SDMain.exe (1.0.0.6)
2008-07-30 SDShred.exe (1.0.2.3)
2008-07-30 SDUpdate.exe (1.6.0.9)
2008-07-30 SDWinSec.exe (1.0.0.12)
2008-07-30 SpybotSD.exe (1.6.0.31)
2008-07-30 TeaTimer.exe (1.6.1.22)
2008-08-07 unins000.exe (51.49.0.0)
2008-07-30 Update.exe (1.6.0.7)
2008-07-30 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-30 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-30 Tools.dll (2.1.5.7)
2008-08-05 Includes\Adware.sbi (*)
2008-08-12 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-08-05 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-07-30 Includes\Hijackers.sbi (*)
2008-08-12 Includes\HijackersC.sbi (*)
2008-08-05 Includes\Keyloggers.sbi (*)
2008-08-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-08-05 Includes\Malware.sbi (*)
2008-08-12 Includes\MalwareC.sbi (*)
2008-08-05 Includes\PUPS.sbi (*)
2008-08-12 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-08-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-08-12 Includes\Spyware.sbi (*)
2008-08-12 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-08-05 Includes\Trojans.sbi (*)
2008-08-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 11: Sicherheitsupdate für Windows Media Player 11 (KB936782)
/ Windows Media Player 6.4: Sicherheitsupdate für Windows Media Player 6.4 (KB925398)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, CoolSwitch
command: C:\WINDOWS\system32\taskswitch.exe
file: C:\WINDOWS\system32\taskswitch.exe
size: 45632
MD5: EBD2EA535FC47D426D0C2FC7C7293534

Located: HK_LM:Run, NeroFilterCheck
command: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
file: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
size: 163840
MD5: 953677D529633FF3F7D68CEB7BE4B189

Located: HK_LM:Run, SiSPower
command: Rundll32.exe SiSPower.dll,ModeAgent
file: C:\WINDOWS\system32\SiSPower.dll
size: 53248
MD5: 9ADE7A17E43ABEF762E9E92B0EBC8E3B

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 585728
MD5: 13B35FBDC2C45F42F80339D02B914734

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97

Located: HK_LM:RunOnce, WMC_RebootCheck
command: C:\WINDOWS\inf\unregmp2.exe /FixUps
file: C:\WINDOWS\inf\unregmp2.exe
size: 196608
MD5: BA687B1F5AC4139ED9FFE1702ED384F8

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1202660629-1788223648-839522115-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: HK_CU:Run, Skype
where: S-1-5-21-1202660629-1788223648-839522115-1003...
command: "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Programme\Skype\Phone\Skype.exe
size: 21718312
MD5: EDBDF840B8D770F4B7D57270DE5AABBD

Located: HK_CU:RunOnce, MPlayer2_FixUp
where: S-1-5-21-1202660629-1788223648-839522115-1003...
command: C:\WINDOWS\inf\unregmp2.exe /Fixups
file: C:\WINDOWS\inf\unregmp2.exe
size: 196608
MD5: BA687B1F5AC4139ED9FFE1702ED384F8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80

Located: Startup (allgemein), AudioDeck.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
file: C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
size: 589824
MD5: 42D4CA738C6F81D8FB609AFB03BC2FE7

Located: Startup (allgemein), BTTray.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\Belkin\Bluetooth Software\BTTray.exe
file: C:\Programme\Belkin\Bluetooth Software\BTTray.exe
size: 553021
MD5: 8661E483B7D11A941E9912C14651246F

Located: Startup (allgemein), WinZip Quick Pick.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\WinZip\WZQKPICK.EXE
file: C:\Programme\WinZip\WZQKPICK.EXE
size: 114753
MD5: B84F8C7D9A39D17BD736F395F6085DD1

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22.10.2006 23:08:42
Date (last access): 19.08.2008 16:48:26
Date (last write): 22.10.2006 23:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 11.06.2008 19:51:16
Date (last access): 19.08.2008 19:47:40
Date (last write): 30.07.2008 14:45:34
Filesize: 1562448
Attributes: archive
MD5: 3024DF2915AED376971635DB06DC25CF
CRC32: 763886E5
Version: 1.6.0.12

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 07.08.2008 19:06:10
Date (last access): 19.08.2008 16:48:26
Date (last write): 10.06.2008 04:27:02
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6



--- ActiveX list ---
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217161911093
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 11.06.2008 18:49:04
Date (last access): 18.08.2008 21:41:04
Date (last write): 30.07.2007 19:19:46
Filesize: 203096
Attributes: archive
MD5: FD984F9BFC9C62BD6546BD183CE5ADE7
CRC32: 8092F837
Version: 7.0.6000.381

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.06.2008 02:32:34
Date (last access): 10.08.2008 09:04:50
Date (last write): 10.06.2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.06.2008 02:32:34
Date (last access): 19.08.2008 19:50:14
Date (last write): 10.06.2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.06.2008 02:32:34
Date (last access): 19.08.2008 19:50:14
Date (last write): 10.06.2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6



--- Process list ---
PID: 0 ( 0) [System]
PID: 488 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 620 ( 488) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 644 ( 488) \??\C:\WINDOWS\system32\winlogon.exe
size: 507392
PID: 688 ( 644) C:\WINDOWS\system32\services.exe
size: 108544
MD5: EDB6B81761BD60F32F740BBC40AFB676
PID: 700 ( 644) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 183805EB05BCA5A1E4AAAED4D2BE3690
PID: 852 ( 688) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 908 ( 688) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 996 ( 688) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1040 ( 688) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1188 ( 688) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1632 ( 688) C:\WINDOWS\system32\spoolsv.exe
size: 65024
MD5: DCC2A1470DF5BA4E3F06028C0C0332B5
PID: 1864 ( 688) C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
size: 274487
MD5: A824359C708B379B3D681254B522F47F
PID: 1884 ( 688) C:\WINDOWS\system32\cisvc.exe
size: 12800
MD5: EFF9F56CA0B804607E5B12DEAC845C56
PID: 1980 ( 688) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 212 (1524) C:\WINDOWS\system32\taskswitch.exe
size: 45632
MD5: EBD2EA535FC47D426D0C2FC7C7293534
PID: 240 (1524) C:\WINDOWS\SOUNDMAN.EXE
size: 585728
MD5: 13B35FBDC2C45F42F80339D02B914734
PID: 248 (1524) C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 256 (1524) C:\WINDOWS\system32\ctfmon.exe
size: 22528
MD5: 665D9AB270FBB19636328A6207708E80
PID: 268 (1524) C:\Programme\Skype\Phone\Skype.exe
size: 21718312
MD5: EDBDF840B8D770F4B7D57270DE5AABBD
PID: 368 (1524) C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
size: 589824
MD5: 42D4CA738C6F81D8FB609AFB03BC2FE7
PID: 376 (1524) C:\Programme\Belkin\Bluetooth Software\BTTray.exe
size: 553021
MD5: 8661E483B7D11A941E9912C14651246F
PID: 384 (1524) C:\Programme\WinZip\WZQKPICK.EXE
size: 114753
MD5: B84F8C7D9A39D17BD736F395F6085DD1
PID: 448 ( 852) C:\Programme\Belkin\Bluetooth Software\BTStackServer.exe
size: 1400916
MD5: 9BFE78B0C2AB6B7EA2188812886C0216
PID: 564 ( 688) C:\WINDOWS\System32\snmp.exe
size: 39936
MD5: 907E3C3A79EEDF2E2EE6BE20A8ABC516
PID: 600 ( 688) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1268 ( 368) C:\WINDOWS\system32\devldr32.exe
size: 24064
MD5: 14DB5E49532259784602F15E0EA39227
PID: 1740 ( 688) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 6596DD260FFDE1BDC994C1DF236307BB
PID: 2576 ( 268) C:\Programme\Skype\Plugin Manager\skypePM.exe
size: 76744
MD5: A8D36ADDD1FCD24A450807EE693E4762
PID: 2188 (1884) C:\WINDOWS\system32\cidaemon.exe
size: 15360
MD5: F8F58A6852374464E7EC0DC443B59F30
PID: 1104 ( 644) C:\WINDOWS\explorer.exe
size: 1042432
MD5: 8B32C91920ED508519CF3FABFEE90069
PID: 3048 (1104) C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 4891984
MD5: 9C8F0F34F66BB845B42F70E92A972B5F
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 19.08.2008 19:50:14

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD9FCFC7-17EC-4C9C-86C2-40BB22B0E59F}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD9FCFC7-17EC-4C9C-86C2-40BB22B0E59F}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{464B20BC-DAC0-41F1-9C97-4FC47ECDD200}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{464B20BC-DAC0-41F1-9C97-4FC47ECDD200}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DEB4BF56-51EE-4318-905E-B65859F7188B}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DEB4BF56-51EE-4318-905E-B65859F7188B}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2685D910-9F79-459C-8896-606124B9615A}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2685D910-9F79-459C-8896-606124B9615A}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07C92217-0E09-4574-8713-77379BEC2DF2}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07C92217-0E09-4574-8713-77379BEC2DF2}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79FEA4B2-80E7-4F77-BDB3-A05C7B83F1A9}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79FEA4B2-80E7-4F77-BDB3-A05C7B83F1A9}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: NLA-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Thank you all for the help!
Regards, Alex :cool:
 
Here is a ComboFix log as well.
ComboFix 08-08-18.05 - Alexander Sabo 2008-08-19 19:58:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.372 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Alexander Sabo\Eigene Dateien\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-07-19 bis 2008-08-19 ))))))))))))))))))))))))))))))
.

2008-08-18 21:34 . 2008-08-18 21:35 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-17 23:21 . 2008-08-17 23:21 <DIR> d-------- C:\Programme\Trend Micro
2008-08-15 13:23 . 2008-08-15 13:23 <DIR> d-------- C:\Programme\Kellogg's
2008-08-13 14:47 . 2008-08-13 14:47 <DIR> d-------- C:\Programme\Aloha TriPeaks Deluxe
2008-08-13 10:16 . 2008-08-13 10:16 <DIR> d-------- C:\Programme\OXXOGames
2008-08-10 14:53 . 2008-08-10 14:54 <DIR> d-------- C:\Programme\Pizza Frenzy Deluxe
2008-08-07 19:06 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-07 18:57 . 2008-08-07 18:57 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-08-05 10:17 . 2008-08-05 10:17 <DIR> d-------- C:\Programme\Gemeinsame Dateien\BOONTY Shared
2008-08-05 10:17 . 2008-08-05 10:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOONTY
2008-08-05 09:20 . 2008-08-05 15:24 <DIR> d-------- C:\Programme\BoontyGames
2008-08-05 09:20 . 2008-08-05 09:20 <DIR> d-------- C:\Programme\Boonty
2008-08-04 15:44 . 2008-08-04 15:44 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-08-04 14:44 . 2008-08-04 14:44 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fugazo
2008-08-04 14:34 . 2008-08-04 15:47 <DIR> d-------- C:\Programme\Airport Mania - First Flight
2008-08-04 14:12 . 2008-08-04 14:44 <DIR> d-------- C:\Programme\Cooking Academy
2008-08-04 12:24 . 2008-08-04 12:24 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gogii
2008-08-03 12:01 . 2008-08-03 12:01 <DIR> d-------- C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Playrix Entertainment
2008-08-03 11:34 . 2008-08-03 11:34 <DIR> d-------- C:\Programme\Fishdom
2008-08-03 11:01 . 2008-08-04 12:24 <DIR> d-------- C:\Programme\Babysitting Mania
2008-08-02 16:35 . 2008-08-02 16:35 <DIR> d-------- C:\XPpostSP2update
2008-07-26 21:10 . 2006-02-28 14:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-07-26 21:09 . 2006-02-28 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-26 21:08 . 2006-02-28 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-26 21:07 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-26 21:05 . 2008-07-26 21:05 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-26 21:05 . 2008-07-26 21:05 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-26 20:54 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-26 18:07 . 2008-07-26 18:07 <DIR> d-------- C:\WINDOWS\system32\de-de
2008-07-26 18:07 . 2008-07-26 18:07 <DIR> d-------- C:\WINDOWS\system32\de
2008-07-26 18:07 . 2008-07-26 18:07 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-26 18:07 . 2008-07-26 18:07 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-26 18:05 . 2008-07-26 18:05 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-26 17:48 . 2006-02-28 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-07-22 22:19 . 2008-07-22 22:20 0 --a------ C:\WINDOWS\system32\pqtmp.fil
2008-07-22 22:18 . 2008-07-22 22:18 1,245 --a------ C:\WINDOWS\system32\PQ_BATCH.PQB
2008-07-22 22:09 . 2001-12-04 07:01 1,379,208 --a------ C:\WINDOWS\system32\XMNT2001.EXE
2008-07-22 22:09 . 2001-12-04 07:01 3,360 --a------ C:\WINDOWS\system32\drivers\PQNTDRV.SYS
2008-07-22 22:08 . 2008-07-22 22:08 <DIR> d-------- C:\Programme\PowerQuest
2008-07-22 21:18 . 2008-08-16 21:03 <DIR> d-------- C:\Programme\PokerStars
2008-07-22 20:36 . 2006-11-23 16:45 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-22 20:35 . 2008-07-22 20:36 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2008-07-22 20:34 . 2008-07-22 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\TuneUp Software
2008-07-22 20:33 . 2008-07-22 20:41 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-22 20:33 . 2008-07-22 20:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-07-21 13:45 . 2008-07-21 13:45 <DIR> d-------- C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\ITTNord
2008-07-20 22:32 . 2008-07-20 22:32 <DIR> d-------- C:\Programme\ReflexiveArcade

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 18:00 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Skype
2008-08-19 14:03 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\skypePM
2008-08-17 21:15 --------- d-----w C:\Programme\GamesBar
2008-08-08 14:56 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GamesBar
2008-08-07 19:23 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-08-07 19:23 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-08-07 17:06 --------- d-----w C:\Programme\Java
2008-08-04 14:44 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-07-29 13:22 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
2008-07-29 13:22 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Zylom
2008-07-29 13:22 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\PlayFirst
2008-07-29 13:21 --------- d-----w C:\Programme\Zylom Games
2008-07-22 20:08 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-22 20:03 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-07-21 12:56 --------- d-----w C:\Programme\McDonaldsFairies
2008-07-21 12:56 --------- d-----w C:\Programme\Gamenext
2008-07-21 12:53 --------- d-----w C:\Programme\Gamesload Spiele
2008-07-10 20:51 --------- d-----w C:\Programme\Windows Installer 4.5 SDK
2008-07-10 20:19 --------- d-----w C:\Programme\xpTuner
2008-07-06 19:26 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Ahead
2008-07-04 13:46 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Media Player Classic
2008-06-23 18:13 --------- d-----w C:\Programme\Chocolatier Deluxe
2008-06-23 10:26 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Meridian93
2008-06-22 12:13 --------- d-----w C:\Programme\Firaxis Games
2008-06-22 11:18 --------- d-----w C:\Programme\trellian
2008-06-21 17:18 --------- d-----w C:\Programme\Gemeinsame Dateien\Oberon Media
2008-06-21 16:08 --------- d-----w C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Friday's games
2008-06-12 12:30 0 ----a-w C:\Programme\temp01
2008-06-11 18:11 745,472 ----a-w C:\WINDOWS\iun6002.exe
.

------- Sigcheck -------

2006-02-28 14:00 1042432 8b32c91920ed508519cf3fabfee90069 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1043456 6727eef4b3759dcd2ba3c2701f1e41b0 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-02-28 14:00 1042432 5bcc9ea57e397bdb2364ca27a34d5e75 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:22 1043968 f0bf0bbb1c47991424a50cfd9f94455c C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\explorer.exe

2008-04-14 04:22 22528 95d7c836e10f02b1521493b20327d2bd C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\ctfmon.exe
2006-02-28 14:00 22528 665d9ab270fbb19636328a6207708e80 C:\WINDOWS\system32\ctfmon.exe
2006-02-28 14:00 15360 7ce20569925df6789c31799f0c538f29 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-11 02:17 65024 8aa8852d6b80b3869eefc3e46fbfab38 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2006-02-28 14:00 65024 7d6e77234a265969ee198570da793d27 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 04:23 65024 da1bda1aaf9f13b7e6e4f4237787e2a2 C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\spoolsv.exe
2006-02-28 14:00 65024 dcc2a1470df5ba4e3f06028c0c0332b5 C:\WINDOWS\system32\spoolsv.exe

2008-04-14 04:23 33792 72cc83a1a27e42cf962d79e22e7014ec C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\userinit.exe
2006-02-28 14:00 32256 afe03035ccb87f1934f07bbb8fc660f9 C:\WINDOWS\system32\userinit.exe
2006-02-28 14:00 25088 d1e53dc57143f2584b1dd53b036c0633 C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-17_23.18.09.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-28 12:00:00 221,184 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2005-01-28 13:23:20 196,608 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-02-28 12:00:00 221,184 ----a-w C:\WINDOWS\LastGood\INF\unregmp2.exe
+ 2006-02-28 12:00:00 9,216 ----a-w C:\WINDOWS\LastGood\system32\asferror.dll
+ 2006-10-18 19:47:08 276,992 ----a-w C:\WINDOWS\LastGood\system32\Audiodev.dll
+ 2006-02-28 12:00:00 286,208 ----a-w C:\WINDOWS\LastGood\system32\blackbox.dll
+ 2006-02-28 12:00:00 159,232 ----a-w C:\WINDOWS\LastGood\system32\cewmdm.dll
+ 2006-02-28 12:00:00 299,520 ----a-w C:\WINDOWS\LastGood\system32\drmclien.dll
+ 2006-02-28 12:00:00 87,040 ----a-w C:\WINDOWS\LastGood\system32\drmstor.dll
+ 2006-02-28 12:00:00 695,296 ----a-w C:\WINDOWS\LastGood\system32\drmv2clt.dll
+ 2006-02-28 12:00:00 6,656 ----a-w C:\WINDOWS\LastGood\system32\laprxy.dll
+ 2006-02-28 12:00:00 111,104 ----a-w C:\WINDOWS\LastGood\system32\logagent.exe
+ 2006-02-28 12:00:00 259,072 ----a-w C:\WINDOWS\LastGood\system32\msnetobj.dll
+ 2006-02-28 12:00:00 52,736 ----a-w C:\WINDOWS\LastGood\system32\MsPMSNSv.dll
+ 2006-02-28 12:00:00 201,728 ----a-w C:\WINDOWS\LastGood\system32\MsPMSP.dll
+ 2006-02-28 12:00:00 356,352 ----a-w C:\WINDOWS\LastGood\system32\MSSCP.dll
+ 2006-02-28 12:00:00 246,272 ----a-w C:\WINDOWS\LastGood\system32\MSWMDM.dll
+ 2006-02-28 12:00:00 237,568 ----a-w C:\WINDOWS\LastGood\system32\qasf.dll
+ 2006-02-28 12:00:00 408,064 ----a-w C:\WINDOWS\LastGood\system32\wmadmod.dll
+ 2006-02-28 12:00:00 670,720 ----a-w C:\WINDOWS\LastGood\system32\wmadmoe.dll
+ 2006-02-28 12:00:00 230,400 ----a-w C:\WINDOWS\LastGood\system32\wmasf.dll
+ 2006-02-28 12:00:00 27,136 ----a-w C:\WINDOWS\LastGood\system32\WMDMLOG.dll
+ 2006-02-28 12:00:00 23,552 ----a-w C:\WINDOWS\LastGood\system32\WMDMPS.dll
+ 2006-10-18 19:47:18 429,056 ----a-w C:\WINDOWS\LastGood\system32\WMDRMdev.dll
+ 2006-10-18 19:47:20 348,672 ----a-w C:\WINDOWS\LastGood\system32\WMDRMNet.dll
+ 2006-02-28 12:00:00 202,752 ----a-w C:\WINDOWS\LastGood\system32\wmerror.dll
+ 2006-02-28 12:00:00 151,552 ----a-w C:\WINDOWS\LastGood\system32\wmidx.dll
+ 2006-02-28 12:00:00 1,050,624 ----a-w C:\WINDOWS\LastGood\system32\wmnetmgr.dll
+ 2006-02-28 12:00:00 4,874,240 ----a-w C:\WINDOWS\LastGood\system32\wmp.dll
+ 2006-02-28 12:00:00 114,688 ----a-w C:\WINDOWS\LastGood\system32\wmpasf.dll
+ 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\LastGood\system32\wmpcd.dll
+ 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\LastGood\system32\wmpcore.dll
+ 2006-02-28 12:00:00 233,472 ----a-w C:\WINDOWS\LastGood\system32\wmpdxm.dll
+ 2006-10-18 19:47:20 1,661,440 ----a-w C:\WINDOWS\LastGood\system32\wmpencen.dll
+ 2006-02-28 12:00:00 2,973,696 ----a-w C:\WINDOWS\LastGood\system32\wmploc.dll
+ 2006-02-28 12:00:00 102,400 ----a-w C:\WINDOWS\LastGood\system32\wmpshell.dll
+ 2006-10-18 19:47:20 204,288 ----a-w C:\WINDOWS\LastGood\system32\wmpsrcwp.dll
+ 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\LastGood\system32\wmpui.dll
+ 2006-02-28 12:00:00 759,296 ----a-w C:\WINDOWS\LastGood\system32\wmsdmod.dll
+ 2006-02-28 12:00:00 1,119,744 ----a-w C:\WINDOWS\LastGood\system32\wmsdmoe2.dll
+ 2006-02-28 12:00:00 484,864 ----a-w C:\WINDOWS\LastGood\system32\wmspdmod.dll
+ 2006-02-28 12:00:00 896,512 ----a-w C:\WINDOWS\LastGood\system32\wmspdmoe.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\LastGood\system32\wmvadvd.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\LastGood\system32\WMVADVE.DLL
+ 2006-02-28 12:00:00 2,105,344 ----a-w C:\WINDOWS\LastGood\system32\wmvcore.dll
+ 2006-02-28 12:00:00 809,984 ----a-w C:\WINDOWS\LastGood\system32\wmvdmod.dll
+ 2006-02-28 12:00:00 1,001,472 ----a-w C:\WINDOWS\LastGood\system32\wmvdmoe2.dll
+ 2006-02-28 12:00:00 159,232 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
+ 2006-02-28 12:00:00 52,736 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
+ 2006-02-28 12:00:00 201,728 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
+ 2006-02-28 12:00:00 356,352 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
+ 2006-02-28 12:00:00 246,272 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
+ 2006-02-28 12:00:00 27,136 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
+ 2006-02-28 12:00:00 23,552 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
+ 2005-01-28 06:53:20 164,864 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2005-01-28 06:53:20 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2005-01-28 06:53:20 173,568 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2005-01-28 11:32:44 364,784 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2005-01-28 13:23:20 316,416 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2005-01-28 06:53:20 28,160 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2005-01-28 06:53:20 33,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2006-02-28 12:00:00 786,432 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
+ 2005-01-28 13:23:20 827,392 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
+ 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpcore.dll
+ 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpui.dll
+ 2005-01-28 06:52:52 20,480 ----a-w C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpcore.dll
+ 2005-01-28 06:52:52 20,480 ----a-w C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpui.dll
+ 2006-02-28 12:00:00 408,064 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2006-02-28 12:00:00 759,296 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2006-02-28 12:00:00 484,864 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvadvd.dll
+ 2006-02-28 12:00:00 809,984 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2005-01-28 11:32:44 396,528 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2005-01-28 11:32:56 774,904 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2005-01-28 11:32:44 413,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2005-01-28 11:32:56 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2005-01-28 11:32:58 895,736 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2006-02-28 12:00:00 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll
+ 2006-02-28 12:00:00 111,104 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2006-02-28 12:00:00 237,568 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2006-02-28 12:00:00 670,720 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll
+ 2006-02-28 12:00:00 230,400 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll
+ 2006-10-18 19:47:18 429,056 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\WMDRMdev.dll
+ 2006-10-18 19:47:20 348,672 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\WMDRMNet.dll
+ 2006-02-28 12:00:00 151,552 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll
+ 2006-02-28 12:00:00 1,050,624 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll
+ 2006-02-28 12:00:00 1,119,744 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll
+ 2006-02-28 12:00:00 896,512 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\WMVADVE.DLL
+ 2006-02-28 12:00:00 2,105,344 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll
+ 2006-02-28 12:00:00 1,001,472 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll
+ 2005-01-28 06:53:16 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2005-01-27 23:21:46 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-01-28 06:53:22 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2005-01-28 06:53:18 716,288 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2005-01-28 06:53:16 224,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2005-01-28 06:53:50 335,872 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2005-01-28 06:53:54 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2005-01-28 06:53:16 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2005-01-28 06:53:16 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2005-01-28 06:53:18 1,119,744 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2005-01-28 06:53:18 940,544 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2005-01-28 06:53:20 1,512,448 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2005-01-28 11:32:58 2,370,296 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2005-01-28 06:53:18 1,003,008 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2006-02-28 12:00:00 286,208 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
+ 2006-02-28 12:00:00 299,520 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
+ 2006-02-28 12:00:00 87,040 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
+ 2006-02-28 12:00:00 695,296 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
+ 2006-02-28 12:00:00 259,072 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
+ 2005-01-28 06:53:28 294,912 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2005-01-28 11:32:44 258,296 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2005-01-28 06:53:22 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2005-01-28 06:53:38 502,272 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2005-01-28 06:53:22 142,336 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\wmpcd.dll
+ 2005-01-28 06:52:52 20,480 ----a-w C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\wmpcd.dll
+ 2006-02-28 12:00:00 9,216 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\asferror.dll
+ 2006-10-18 19:47:08 276,992 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\Audiodev.dll
+ 2006-02-28 12:00:00 28,672 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\custsat.dll
+ 2006-02-28 12:00:00 794,624 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe
+ 2006-02-28 12:00:00 368,640 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\mpvis.dll
+ 2006-02-28 12:00:00 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
+ 2006-02-28 12:00:00 202,752 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmerror.dll
+ 2006-10-18 18:05:00 248,832 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmlaunch.exe
+ 2006-02-28 12:00:00 4,874,240 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmp.dll
+ 2006-02-28 12:00:00 114,688 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpasf.dll
+ 2006-02-28 12:00:00 98,304 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpband.dll
+ 2006-02-28 12:00:00 233,472 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpdxm.dll
+ 2006-10-18 18:05:02 32,768 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpenc.exe
+ 2006-10-18 19:47:20 1,661,440 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpencen.dll
+ 2006-02-28 12:00:00 81,920 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
+ 2006-02-28 12:00:00 2,973,696 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmploc.dll
+ 2006-02-28 12:00:00 102,400 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpshell.dll
+ 2006-10-18 19:47:20 204,288 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpsrcwp.dll
+ 2005-01-28 13:23:32 9,216 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\asferror.dll
+ 2005-01-28 13:23:20 486,400 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\Audiodev.dll
+ 2004-12-21 10:14:24 28,672 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\custsat.dll
+ 2005-01-27 23:26:42 991,232 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
+ 2005-01-28 13:23:20 352,256 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\mpvis.dll
+ 2005-01-28 13:23:20 196,608 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
+ 2005-01-28 13:23:32 228,352 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmerror.dll
+ 2005-01-27 23:26:30 122,880 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
+ 2005-01-28 06:53:16 5,525,504 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmp.dll
+ 2005-01-28 06:53:20 135,168 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpasf.dll
+ 2005-01-28 13:23:20 77,824 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpband.dll
+ 2005-01-28 06:53:20 282,624 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpdxm.dll
+ 2005-01-27 23:26:30 28,672 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
+ 2005-01-28 06:53:18 1,594,880 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpencen.dll
+ 2005-01-28 13:23:20 73,728 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
+ 2005-01-28 13:23:22 3,407,872 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmploc.dll
+ 2005-01-28 13:23:26 86,016 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpshell.dll
+ 2005-01-28 06:53:18 175,104 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpsrcwp.dll
- 2006-02-28 12:00:00 9,216 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2005-01-28 13:23:32 9,216 ----a-w C:\WINDOWS\system32\asferror.dll
- 2006-10-18 19:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
+ 2005-01-28 13:23:20 486,400 ----a-w C:\WINDOWS\system32\Audiodev.dll
- 2006-02-28 12:00:00 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2005-01-28 06:53:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2006-02-28 12:00:00 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2005-01-28 06:53:20 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2006-02-28 12:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2005-01-28 13:23:32 9,216 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2006-02-28 12:00:00 286,208 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2005-01-28 06:53:28 294,912 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2006-02-28 12:00:00 159,232 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2005-01-28 06:53:20 164,864 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2006-02-28 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2004-12-21 10:14:24 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2006-02-28 12:00:00 299,520 -c--a-w C:\WINDOWS\system32\dllcache\drmclien.dll
+ 2005-01-28 11:32:44 258,296 -c--a-w C:\WINDOWS\system32\dllcache\drmclien.dll
- 2006-02-28 12:00:00 87,040 -c--a-w C:\WINDOWS\system32\dllcache\drmstor.dll
+ 2005-01-28 06:53:22 96,768 -c--a-w C:\WINDOWS\system32\dllcache\drmstor.dll
- 2006-02-28 12:00:00 695,296 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2005-01-28 06:53:38 502,272 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2006-02-28 12:00:00 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2005-01-28 06:53:16 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
- 2006-02-28 12:00:00 368,640 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2005-01-28 13:23:20 352,256 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2006-02-28 12:00:00 259,072 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2005-01-28 06:53:22 142,336 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2006-02-28 12:00:00 52,736 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2005-01-28 06:53:20 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2006-02-28 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2005-01-28 06:53:20 173,568 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2006-02-28 12:00:00 356,352 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2005-01-28 11:32:44 364,784 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2006-02-28 12:00:00 246,272 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2005-01-28 13:23:20 316,416 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2006-02-28 12:00:00 237,568 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2005-01-28 06:53:22 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2006-02-28 12:00:00 408,064 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2005-01-28 11:32:44 396,528 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
- 2006-02-28 12:00:00 670,720 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2005-01-28 06:53:18 716,288 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
- 2006-02-28 12:00:00 230,400 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2005-01-28 06:53:16 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-02-28 12:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2005-01-28 06:53:20 28,160 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2006-02-28 12:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2005-01-28 06:53:20 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2006-02-28 12:00:00 202,752 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2005-01-28 13:23:32 228,352 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2006-02-28 12:00:00 151,552 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2005-01-28 06:53:16 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2006-02-28 12:00:00 1,050,624 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2005-01-28 06:53:16 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
- 2006-02-28 12:00:00 4,874,240 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2005-01-28 06:53:16 5,525,504 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2006-02-28 12:00:00 114,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2005-01-28 06:53:20 135,168 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2006-02-28 12:00:00 98,304 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2005-01-28 13:23:20 77,824 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2006-02-28 12:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\wmpcd.dll
+ 2005-01-28 06:52:52 20,480 -c--a-w C:\WINDOWS\system32\dllcache\wmpcd.dll
- 2006-02-28 12:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\wmpcore.dll
+ 2005-01-28 06:52:52 20,480 -c--a-w C:\WINDOWS\system32\dllcache\wmpcore.dll
- 2006-02-28 12:00:00 233,472 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2005-01-28 06:53:20 282,624 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2006-02-28 12:00:00 2,973,696 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2005-01-28 13:23:22 3,407,872 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2006-02-28 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2005-01-28 13:23:26 86,016 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2006-02-28 12:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\wmpui.dll
+ 2005-01-28 06:52:52 20,480 -c--a-w C:\WINDOWS\system32\dllcache\wmpui.dll
- 2006-02-28 12:00:00 759,296 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2005-01-28 11:32:56 774,904 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2006-02-28 12:00:00 1,119,744 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2005-01-28 06:53:18 1,119,744 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2006-02-28 12:00:00 484,864 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2005-01-28 11:32:44 413,944 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
- 2006-02-28 12:00:00 896,512 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2005-01-28 06:53:18 940,544 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
- 2006-02-28 12:00:00 2,105,344 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2005-01-28 11:32:58 2,370,296 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2006-02-28 12:00:00 809,984 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2005-01-28 11:32:58 895,736 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2006-02-28 12:00:00 1,001,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2005-01-28 06:53:18 1,003,008 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
- 2006-02-28 12:00:00 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
+ 2005-01-28 11:32:44 258,296 ----a-w C:\WINDOWS\system32\drmclien.dll
- 2006-02-28 12:00:00 87,040 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2005-01-28 06:53:22 96,768 ----a-w C:\WINDOWS\system32\drmstor.dll
- 2006-02-28 12:00:00 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2005-01-28 06:53:38 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2006-02-28 12:00:00 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2005-01-28 06:53:16 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
- 2006-02-28 12:00:00 111,104 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2005-01-27 23:21:46 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
- 2006-02-28 12:00:00 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2005-01-28 06:53:22 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2006-02-28 12:00:00 52,736 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2005-01-28 06:53:20 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
- 2006-02-28 12:00:00 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2005-01-28 06:53:20 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
- 2006-02-28 12:00:00 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2005-01-28 11:32:44 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
- 2006-02-28 12:00:00 246,272 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2005-01-28 13:23:20 316,416 ----a-w C:\WINDOWS\system32\MSWMDM.dll
- 2006-02-28 12:00:00 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2005-01-28 06:53:22 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
- 2006-02-28 12:00:00 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2005-01-28 11:32:44 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2006-02-28 12:00:00 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2005-01-28 06:53:18 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
- 2006-02-28 12:00:00 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2005-01-28 06:53:16 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-02-28 12:00:00 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2005-01-28 06:53:20 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
- 2006-02-28 12:00:00 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2005-01-28 06:53:20 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
- 2006-10-18 19:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
+ 2005-01-28 06:53:50 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
- 2006-10-18 19:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2005-01-28 06:53:54 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
- 2006-02-28 12:00:00 202,752 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2005-01-28 13:23:32 228,352 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2006-02-28 12:00:00 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2005-01-28 06:53:16 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2006-02-28 12:00:00 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2005-01-28 06:53:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2006-02-28 12:00:00 4,874,240 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2005-01-28 06:53:16 5,525,504 ----a-w C:\WINDOWS\system32\wmp.dll
- 2006-02-28 12:00:00 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2005-01-28 06:53:20 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\system32\wmpcd.dll
+ 2005-01-28 06:52:52 20,480 ----a-w C:\WINDOWS\system32\wmpcd.dll
- 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\system32\wmpcore.dll
+ 2005-01-28 06:52:52 20,480 ----a-w C:\WINDOWS\system32\wmpcore.dll
- 2006-02-28 12:00:00 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2005-01-28 06:53:20 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
- 2006-10-18 19:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2005-01-28 06:53:18 1,594,880 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2006-02-28 12:00:00 2,973,696 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2005-01-28 13:23:22 3,407,872 ----a-w C:\WINDOWS\system32\wmploc.dll
- 2006-02-28 12:00:00 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2005-01-28 13:23:26 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2006-10-18 19:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2005-01-28 06:53:18 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\system32\wmpui.dll
+ 2005-01-28 06:52:52 20,480 ----a-w C:\WINDOWS\system32\wmpui.dll
- 2006-02-28 12:00:00 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2005-01-28 11:32:56 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2006-02-28 12:00:00 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2005-01-28 06:53:18 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2006-02-28 12:00:00 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2005-01-28 11:32:44 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
- 2006-02-28 12:00:00 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2005-01-28 06:53:18 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
- 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
+ 2005-01-28 11:32:56 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
- 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2005-01-28 06:53:20 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-02-28 12:00:00 2,105,344 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2005-01-28 11:32:58 2,370,296 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2006-02-28 12:00:00 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2005-01-28 11:32:58 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2006-02-28 12:00:00 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2005-01-28 06:53:18 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 22528]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 163840]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SiSPower"="SiSPower.dll" [2007-01-23 13:34 53248 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 585728 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 22528]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
AudioDeck.lnk - C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2008-06-11 19:05:39 589824]
BTTray.lnk - C:\Programme\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 17:05:38 553021]
WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK.EXE [2008-06-22 13:12:33 114753]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Programme\\Hercules\\Classic Silver\\Station2.exe"=
"C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 15:29]
S2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2006-02-28 14:00]
S3 Boonty Games;Boonty Games;C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe [2008-08-05 10:17]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 16:45]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners

2008-08-15 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 16:46]
.
.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Alexander Sabo\Anwendungsdaten\Mozilla\Firefox\Profiles\mpzmr5kv.Alex\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 20:00:08
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-08-19 20:02:04
ComboFix-quarantined-files.txt 2008-08-19 18:01:55
ComboFix2.txt 2008-08-17 21:18:38

Pre-Run: 7 Verzeichnis(se), 67,163,172,864 Bytes frei
Post-Run: 10 Verzeichnis(se), 67,155,120,128 Bytes frei

501 --- E O F --- 2008-06-13 01:02:26
 
That doesn't change the problem that your computer is still thoroughly infested.

You're welcome to run a control scan with Drweb Cureit
http://board.protecus.de/t29350.htm

Provided that works, because it should get infected right away too when you download it. Keep in mind that your computer can currently infect other (unprotected) computers on the Internet!

Do not let Drweb clean the Virut infection! There is a possibility that it damages the infected files while cleaning, which could even leave your system unbootable.

Basically, your computer should not be allowed onto the Internet any more!
 