Here are the requested logs:
ComboFix 08-02-13.2 - x 2008-02-13 12:19:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.576 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\x\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ddcdaxv.dll
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\xjxcrsvt.dll
C:\Programme\Internet Explorer\msvcrt.dll
C:\RECYCLER\ow.dll
C:\WINDOWS\system32\byxeduwo.dll
C:\WINDOWS\SYSTEM32\dcbeg.ini
C:\WINDOWS\SYSTEM32\dcbeg.ini2
C:\WINDOWS\system32\ddcdaxv.dll
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\mapvorgo.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nsoCEA.dll
C:\WINDOWS\SYSTEM32\owudexyb.ini
C:\WINDOWS\system32\ulswnhhh.dll
C:\WINDOWS\system32\xjxcrsvt.dll
C:\WINDOWS\system32\xjxcrsvt.dllbox
.
((((((((((((((((((((((( Dateien erstellt von 2008-01-13 bis 2008-02-13 ))))))))))))))))))))))))))))))
.
2008-02-13 11:57 . 2008-02-13 11:57 <DIR> d-------- C:\Programme\CCleaner
2008-02-13 11:47 . 2008-02-13 11:47 1,706 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-02-13 11:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-02-13 11:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-02-13 11:26 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-02-13 11:26 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-02-13 11:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-02-13 11:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-02-13 11:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-02-13 10:08 . 2008-02-13 10:08 <DIR> d-------- C:\Programme\Trend Micro
2008-02-12 20:48 . 2008-02-12 20:48 29,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\smss.exe
2008-02-12 20:48 . 2008-02-12 20:48 29,184 --a------ C:\Dokumente und Einstellungen\x\957123845.exe
2008-02-12 17:46 . 2008-02-12 17:46 <DIR> d-------- C:\Programme\Lavasoft
2008-02-12 17:46 . 2008-02-12 17:46 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft
2008-02-12 17:23 . 2008-02-12 20:48 84,729 --a------ C:\WINDOWS\SYSTEM32\mysidesearch_sidebar_uninstall.exe
2008-02-10 23:49 . 2008-02-10 23:49 <DIR> d-------- C:\Programme\Quick Video Converter
2008-02-10 23:49 . 2008-02-10 23:49 <DIR> d-------- C:\Programme\GPL MPEG Decoder
2008-02-10 23:49 . 2008-02-10 23:49 <DIR> d-------- C:\Programme\AC3Filter
2008-02-10 23:24 . 2002-01-05 02:37 165,376 --a------ C:\WINDOWS\SYSTEM32\msvcr70.dll
2008-02-10 23:24 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\SYSTEM32\WNASPI32.DLL
2008-02-10 23:24 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS
2008-02-10 23:24 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\SYSTEM\WINASPI.DLL
2008-02-10 23:24 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\SYSTEM\WOWPOST.EXE
2008-02-10 18:26 . 2008-02-10 18:26 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ashampoo
2008-02-10 13:11 . 2008-02-10 13:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{0DC45D3B-CECB-45FB-8EE0-26133BEE4095}
2008-02-08 15:52 . 2008-02-08 15:52 335,872 --a------ C:\WINDOWS\SYSTEM32\mysidesearch_sidebar.dll
2008-02-01 17:06 . 2008-02-05 18:11 <DIR> d-------- C:\Programme\Mozilla Firefox 3 Beta 2
2008-01-29 15:58 . 2008-02-11 22:12 1,632 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2008-01-25 16:55 . 2008-01-25 17:12 0 --a------ C:\FileOut.Cns
2008-01-25 16:55 . 2008-01-25 17:12 0 --a------ C:\FileIn.Cns
2008-01-25 10:11 . 2008-01-25 10:11 46,300 --a------ C:\WINDOWS\SYSTEM32\AdssiteSocial-uninstall.exe
2008-01-24 18:40 . 2008-01-24 18:40 3,346,790 --a------ C:\WINDOWS\bexhex.scr
2008-01-24 18:38 . 2008-01-24 18:38 8,161,937 --a------ C:\WINDOWS\kleinerote.scr
2008-01-18 17:03 . 2008-01-18 17:03 <DIR> d-------- C:\Programme\Safari
2008-01-18 17:03 . 2008-01-18 17:03 <DIR> d-------- C:\Programme\Apple Software Update
2008-01-18 17:03 . 2008-01-18 17:03 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Apple
2008-01-18 11:06 . 2008-01-18 11:06 294,912 --a------ C:\WINDOWS\SYSTEM32\iebrowserc.dll
2008-01-16 14:23 . 2008-01-16 14:23 <DIR> d-------- C:\WINDOWS\SYSTEM32\QuickTime
2008-01-16 14:23 . 2007-12-17 03:34 107,864 --a------ C:\WINDOWS\SYSTEM32\tsccvid.dll
2008-01-16 14:22 . 2008-01-16 14:22 <DIR> d-------- C:\Programme\TechSmith
2008-01-16 14:22 . 2008-01-16 14:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\TechSmith Shared
2008-01-16 14:05 . 2008-01-16 14:06 <DIR> d-------- C:\Programme\Flash Movie Extract Pilot
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 16:46 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-10 22:23 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-01-29 12:55 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-01-25 15:22 --------- d-----w C:\Programme\Microsoft Games
2008-01-18 16:03 --------- d-----w C:\Dokumente und Einstellungen\x\Anwendungsdaten\Apple Computer
2008-01-18 15:56 --------- d-----w C:\Programme\Wyzo
2008-01-10 17:22 --------- d-----w C:\Programme\T-Com
2008-01-08 14:44 --------- d-----w C:\Programme\ICQLite
2008-01-07 19:12 0 ----a-w C:\WINDOWS\system32\drivers\a2quewv9.SYS
2008-01-07 19:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-06 13:51 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
2008-01-04 12:49 --------- d-----w C:\Programme\StreamDown v6.4
2007-01-21 12:59 162,304 ----a-w C:\Programme\UNWISE.EXE
2004-01-26 09:19 1,693 ----a-w C:\Programme\INSTALL.LOG
1996-12-02 15:44 582,144 ----a-w C:\Programme\Gemeinsame Dateien\dao350.dll
2007-03-04 19:32 61 --sh--w C:\WINDOWS\cnerolf.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2008-02-08 15:52 335872 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
2008-01-18 11:06 294912 --a------ C:\WINDOWS\system32\iebrowserc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-08-09 00:03 286720]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:57 15360]
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^ControlCenter.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\ControlCenter.lnk
backup=C:\WINDOWS\pss\ControlCenter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Kaspersky Anti-Hacker.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Kaspersky Anti-Hacker.lnk
backup=C:\WINDOWS\pss\Kaspersky Anti-Hacker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Privoxy.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 10:28 139264 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTD RSS Reader]
--a------ 2006-09-21 15:07 724992 C:\Programme\FTD RSS Reader\FTD_RSS_Reader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
C:\WINDOWS\system32\lctqwuym.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a--c--- 2006-07-11 11:15 3144800 X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Sound Recorder]
--a--c--- 2007-03-07 15:07 270336 x:\MegaSoundRecorder\Mega Sound Recorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-03 23:58 1667584 C:\Programme\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
--a------ 2006-01-31 02:14 131072 C:\MSN Webcam Recorder\ml20gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Programme\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT]
--a--c--- 2007-03-07 15:07 270336 X:\MegaSoundRecorder\Mega Sound Recorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-04-05 09:49 214448 C:\Programme\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\WINDOWS\system32\spads.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 C:\Programme\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Programme\Save\Save.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-08-29 19:54 4621816 C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2006-05-11 15:05]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2006-05-11 15:06]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 20:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 20:52]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R2 drhard;drhard;C:\WINDOWS\system32\drivers\drhard.sys [2005-12-01 10:49]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 fwrnusb;fwrnusb;C:\WINDOWS\system32\DRIVERS\fwrnusb.sys [2006-01-30 11:18]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 09:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A50FE7E6-0CCF-C0B0-88D1-9646EBAC896E}]
C:\Programme\AcrobatReader\Acrobat.exe s
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-13 12:33:32
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 2939
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-02-13 12:43:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 11:42:26
ComboFix2.txt 2007-06-25 10:34:11
Die 30 neuesten Dateien im Ordner Windows:
***** ***** ***** ***** *****
***** Scanning C:\WINDOWS *****
***** ***** ***** ***** *****
13.02.2008 setupapi.log 12 57:649
13.02.2008 WindowsUpdate.log 12 56:336.815
13.02.2008 0.log 12 50:0
13.02.2008 wiadebug.log 12 50:159
13.02.2008 wiaservc.log 12 50:50
13.02.2008 bootstat.dat 12 49:2.048
13.02.2008 system.ini 12 33:227
12.02.2008 NeroDigital.ini 22 39:229
12.02.2008 AviSplitter.INI 21 56:38
12.02.2008 win.ini 12 18:658
06.02.2008 mozver.dat 11 18:6.795
24.01.2008 bexhex.scr 18 40:3.346.790
10.01.2008 hmview.ini 18 25:46
56K 04.01.2008 ModemLog_NetoDragon 17 33:3.416
26.11.2007 ODBC.INI 13 41:751
14.10.2007 marscam.ini 20 51:37
14.10.2007 mr310twc.src 20 51:12.106
25.09.2007 BRWMARK.INI 09 42:453
25.09.2007 BRPP2KA.INI 09 42:26
16.08.2007 SGTBox.INI 13 39:81.262
09.07.2007 flashax.exe 00 25:606.848
09.07.2007 impborl.dll 00 25:12.288
09.07.2007 777Boeing_BCA2.scr 00 24:491.520
25.06.2007 KTEL.INI 23 27:70
03.05.2007 atiogl.xml 18 52:11.557
03.05.2007 go 14 59:32
Die 50 neuesten Dateien im Ordner Windows\system32:
***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32 *****
***** ***** ***** ***** *****
13.02.2008 tmp.txt 11 47:0
13.02.2008 tmp.reg 11 47:1.706
13.02.2008 wpa.dbl 11 37:13.646
12.02.2008 mysidesearch_sidebar_uninstall.exe 20 48:84.729
12.02.2008 d3d9caps.dat 17 10:8.668
12.02.2008 adssite-remove.exe 14 43:80.090
11.02.2008 d3d8caps.dat 22 12:1.632
10.02.2008 msvbvm60.dll 18 13:1.386.496
08.02.2008 VACFix.exe 23 55:85.504
08.02.2008 mysidesearch_sidebar.dll 15 52:335.872
08.02.2008 IEDFix.exe 10 37:82.432
05.02.2008 adssite_sidebar_uninstall.exe 18 11:77.353
26.01.2008 FNTCACHE.DAT 14 50:251.880
25.01.2008 AdssiteSocial-uninstall.exe 10 11:46.300
18.01.2008 iebrowserc.dll 11 06:294.912
21.12.2007 WhoisCL.exe 15 39:10.752
18.12.2007 adssite_sidebar.dll 15 46:319.488
18.12.2007 csvidcap.dll 11 25:50.520
17.12.2007 tsccvid.dll 03 34:107.864
14.12.2007 lsdelete.exe 11 32:12.632
20.11.2007 rightonadz-uninst.exe 16 31:40.733
20.11.2007 CmdLineExt.dll 15 04:108.144
07.11.2007 superiorads-uninst.exe 14 41:40.731
28.10.2007 perfh009.dat 09 30:401.064
28.10.2007 perfc007.dat 09 30:74.996
28.10.2007 perfh007.dat 09 30:415.470
28.10.2007 perfc009.dat 09 30:62.344
28.10.2007 PerfStringBackup.INI 09 30:966.250
14.10.2007 wrap_oal.dll 11 02:409.600
14.10.2007 OpenAL32.dll 11 02:114.688
11.10.2007 xinput9_1_0.dll 18 18:61.136
11.10.2007 D3DX9_29.DLL 18 18:2.332.368
03.10.2007 WS2Fix.exe 23 36:25.600
05.09.2007 VCCLSID.exe 23 22:289.144
03.09.2007 810429tv3-test.jun 08 46:10
22.08.2007 ATIDEMGX.dll 03 09:352.256
22.08.2007 ati2dvag.dll 03 07:268.800
22.08.2007 atiiiexx.dll 03 07:307.200
22.08.2007 atipdlxx.dll 02 59:143.360
22.08.2007 Ati2mdxx.exe 02 59:26.112
22.08.2007 ati2edxx.dll 02 58:43.520
22.08.2007 ati2evxx.dll 02 58:122.880
22.08.2007 ati2evxx.exe 02 57:487.424
22.08.2007 ATIDDC.DLL 02 56:53.248
22.08.2007 atioglx2.dll 02 48:8.306.688
22.08.2007 ati3duag.dll 02 47:3.091.392
22.08.2007 ativvaxx.dll 02 35:1.586.816
***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****
127.0.0.1 localhost
***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****
Microsoft Windows XP [Version 5.1.2600]
http://www.paules-pc-forum.de
***** Malware Team *****
***** Ende des Scans 13.02.2008 um 13:01:48,89 ***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:27, on 13.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - x:\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Save Flash - res://C:\Programme\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - x:\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - x:\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programme\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
--
End of file - 6102 bytes