derfreak

Ich habe schon seit längerem ein problem.... ich weiß nicht wann es passiert ist und und wie... ich kann mein internet explorer nicht benutzen und andere browser dergleichen auch, mit wmplayer kann ich keine internetstreams hören(dies geht nur mit winamp), keine fotos mehr ins internet hochladen... und vieles mehr nicht, was ich früher konnte und was mir jetzt nicht einfällt. Momentan benutz ich firefox, da ich mit diesem Browser als einziges surfen kann...
Ich hoffe ihr könnt mir helfen... Ist mit der zeit echt lästig geworden!!
habe es jetzt unter virenprobleme gepackt weil ich nicht wirklich weiß was es ist...

DANKESCHÖN IM VORRAUS

Ostseesand

Hi,

mach doch mal einen virencheck.
lade dir hijackthis und führe es aus. das erstellte logfile poste hier rein.

derfreak

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:28, on 25.05.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\vsnp2std.exe
C:\Users\lothar\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:5002
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files\Techno4ever\tbTech.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files\Techno4ever\tbTech.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files\Techno4ever\tbTech.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\ Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\lothar\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsWelcomeObserver] C:\Users\lothar\AppData\Roaming\Microsoft Connect Driver.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B0518E-E422-440B-8347-3C51B8802062}: NameServer = 62.220.18.8 89.246.64.8
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\Windows\PSEXESVC.EXE

Humdinger

Das System ist infiziert!

Arbeite den unteren Teil für VISTA Nutzer ab:
http://www.paules-pc-forum.de/phpBB2/topic,98281.html
poste hier die Reporte

derfreak

ich werds jetzt machen ... hoffe mal dass das problem später behoben ist ... !
danke!

derfreak

habe counter spy runtergeladen und er zeigt mir folgende fehlermeldung an wenn ich ihn installieren will:
Error 2738. Could not access VBScript run time for custom action .

derfreak

Malwarebytes' Anti-Malware 1.12
Datenbank Version: 722

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 139992
Scan Dauer: 47 minute(s), 40 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)

derfreak

ComboFix 08-05-24.1 - lothar 2008-05-25 20:08:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.137 [GMT 2:00]
ausgeführt von:: C:\Users\lothar\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-04-25 bis 2008-05-25 ))))))))))))))))))))))))))))))
.

2008-05-25 19:34 . 2008-05-25 19:34 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-25 19:34 . 2008-05-25 19:34 <DIR> d-------- C:\Program Files\CCleaner
2008-05-25 18:15 . 2008-05-25 18:15 <DIR> d-------- C:\Users\lothar\AppData\Roaming\Malwarebytes
2008-05-25 18:15 . 2008-05-25 18:15 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-25 18:15 . 2008-05-25 18:15 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-25 18:15 . 2008-05-25 18:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 18:15 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-25 18:15 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-25 16:41 . 2008-05-25 16:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-01 23:19 . 2008-05-01 23:19 <DIR> d-------- C:\Program Files\Trust Webcam 14881
2008-05-01 23:19 . 2007-01-20 11:37 12,028,800 --a------ C:\Windows\System32\drivers\snp2sxp.sys
2008-05-01 23:19 . 2006-12-04 11:58 675,840 --a------ C:\Windows\vsnp2std.exe
2008-05-01 23:19 . 2004-11-29 19:43 458,752 --a------ C:\Windows\amcap.exe
2008-05-01 23:19 . 2006-10-04 11:33 151,552 --a------ C:\Windows\rsnp2std.dll
2008-05-01 23:19 . 2005-11-24 09:46 114,672 --a------ C:\Windows\kacha.wav
2008-05-01 23:19 . 2006-12-05 11:02 65,536 --a------ C:\Windows\System32\vsnp2std.dll
2008-05-01 23:19 . 2005-11-23 13:55 53,248 --a------ C:\Windows\System32\csnp2std.dll
2008-05-01 23:19 . 2007-01-25 18:48 25,472 --a------ C:\Windows\System32\drivers\sncamd.sys
2008-05-01 23:19 . 2004-12-09 17:23 15,497 --a------ C:\Windows\snp2std.ini
2008-05-01 23:19 . 2004-12-09 17:23 13,022 --a------ C:\Windows\snp2std.src
2008-05-01 22:55 . 2008-05-01 22:55 <DIR> d-------- C:\Windows\PAC207
2008-05-01 22:55 . 2008-05-01 22:55 <DIR> d-------- C:\Program Files\Trust
2008-05-01 22:55 . 2008-05-01 22:55 <DIR> d-------- C:\Program Files\Common Files\RemoveC
2008-05-01 22:55 . 2008-05-01 22:55 <DIR> d-------- C:\Program Files\Common Files\Remove64C
2008-05-01 22:55 . 2008-05-01 22:55 <DIR> d-------- C:\Program Files\Common Files\PAC207
2008-05-01 22:54 . 2008-05-01 23:18 <DIR> d-------- C:\download
2008-04-30 15:45 . 2008-04-30 15:45 <DIR> d-------- C:\Windows\666CF04177BE414E9A9D0A227E9B48F8.TMP
2008-04-30 15:45 . 2008-04-30 15:46 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-04-25 23:56 . 2008-04-25 23:56 <DIR> d-------- C:\Users\lothar\AppData\Roaming\TomTom
2008-04-25 23:55 . 2008-04-25 23:56 <DIR> d-------- C:\Program Files\TomTom HOME 2

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))) ))))
.
2008-05-25 18:07 --------- d-----w C:\Users\lothar\AppData\Roaming\BitTorrent DNA
2008-05-25 15:48 --------- d-----w C:\ProgramData\Google Updater
2008-05-25 15:38 --------- d-----w C:\Users\lothar\AppData\Roaming\StarOffice8
2008-05-25 15:38 --------- d-----w C:\Program Files\Steam
2008-05-25 12:18 385,024 ----a-w C:\Windows\System32\Uninstall Netlog Photo Tool.exe
2008-05-23 19:47 --------- d-----w C:\Program Files\BearShare
2008-05-23 19:46 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-05-17 13:00 --------- d-----w C:\Users\lothar\AppData\Roaming\ICQ
2008-05-01 21:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 13:45 --------- d-----w C:\ProgramData\Symantec
2008-04-10 20:50 --------- d-----w C:\ProgramData\ScanSoft
2008-04-10 17:34 --------- d-----w C:\Program Files\Brother
2008-04-10 17:27 --------- d-----w C:\Program Files\Nuance
2008-04-10 17:26 --------- d-----w C:\ProgramData\InstallShield
2008-04-10 17:23 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-04-10 17:22 --------- d-----w C:\Program Files\ScanSoft
2008-04-10 17:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-10 17:20 --------- d-----w C:\ProgramData\Brother
2008-04-10 12:57 --------- d-----w C:\Program Files\Sun
2008-04-10 12:56 --------- d-----w C:\Program Files\Java
2008-04-10 12:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-10 12:18 --------- d-----w C:\Program Files\Google
2008-03-30 11:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-25 23:21 --------- d-----w C:\Users\lothar\AppData\Roaming\teamspeak2
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fb7d98cb-b228-4ecb-acac-e7101156338e}]
2007-03-11 15:39 1293336 --a------ C:\Program Files\Techno4ever\tbTech.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FB7D98CB-B228-4ECB-ACAC-E7101156338E}"= "C:\Program Files\Techno4ever\tbTech.dll" [2007-03-11 15:39 1293336]

[HKEY_CLASSES_ROOT\clsid\{fb7d98cb-b228-4ecb-acac-e7101156338e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{FB7D98CB-B228-4ECB-ACAC-E7101156338E}"= C:\Program Files\Techno4ever\tbTech.dll [2007-03-11 15:39 1293336]

[HKEY_CLASSES_ROOT\clsid\{fb7d98cb-b228-4ecb-acac-e7101156338e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35 1196032]
"Steam"="c:\program files\steam\steam.exe" [2008-03-30 03:41 1271032]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"BitTorrent DNA"="C:\Users\lothar\Program Files\BitTorrent_DNA\dna.exe" [2007-08-06 21:05 232448]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-04-23 21:43 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 20:29 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-23 21:11 262401]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-08-16 09:56 1994800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-10 13:51 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 21:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 21:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 13:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 14:51 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 15:58 65536]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-12-04 11:58 675840]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]

C:\Users\lothar\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2007-08-17 21:58:18 122880]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-10 14:14:07 124400]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.IV41"= ir41_32.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DIVF"= DivX412.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= L3codecp.acm

[HKLM\~\startupfolder\C:^Users^lothar^AppData^Roami ng^Microsoft^Windows^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Users\lothar\AppData\Roaming\Microsoft\Win dows\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\Windows\pss\Morpheus.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"TCP Query User{F0FB0D39-D517-4FDD-966C-AC298CB695EB}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{28B6AC83-A083-4A58-BC15-BC25BA68CB95}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{C9B9F2FB-ECB4-4015-8507-94226A2AFC79}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{3ED3D620-EB29-4BC3-9262-45ED42C398C4}C:\\program files\\morpheus\\morpheus.exe"= TCP:C:\program files\morpheus\morpheus.exe:Morpheus
"TCP Query User{42B5F72D-ADC4-45B7-8B6F-E94D4C6E555D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{67CFD412-9BA8-4621-8F3E-4C2F09ADED17}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F12F23C7-EA41-4D25-8069-0FA8E1621EF8}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{EDCA05B4-22B9-4B24-B8AF-D5BF606309B1}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{C05B07BB-B5A7-4E61-9EE4-F36C58ADEFE8}C:\\program files\\steam\\steamapps\\hihoga\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\hihoga\counter-strike source\hl2.exe:hl2
"UDP Query User{ED747C6B-B466-4A64-B49B-79AD8C294FEC}C:\\program files\\steam\\steamapps\\hihoga\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\hihoga\counter-strike source\hl2.exe:hl2
"TCP Query User{5D620980-7A9E-46B1-9BE7-59786D86356C}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{2E32373A-BB85-4608-B24F-020399E8C324}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{8FAC4E9D-28D3-473A-A21C-F6428FAFDF22}C:\\program files\\gamers.irc\\mirc.exe"= UDP:C:\program files\gamers.irc\mirc.exe:mIRC
"UDP Query User{837FC853-52FF-4088-8BF9-256F232015E6}C:\\program files\\gamers.irc\\mirc.exe"= TCP:C:\program files\gamers.irc\mirc.exe:mIRC
"TCP Query User{9A3FF8CF-FFF2-4A04-97C2-FCDF10836047}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E7E1C0D7-D69A-4C35-AA55-2D12CE2CBCA9}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{010D6422-4640-4C9D-9EDD-18CC1245A7AF}D:\\gta san andreas an rts-uqnt4o1nk7u\\gta_sa.exe"= UDP:\gta san andreas an rts-uqnt4o1nk7u\gta_sa.exe:gta_sa
"UDP Query User{FABA393C-F463-44E0-B9A3-DD8E7AFA2D8E}D:\\gta san andreas an rts-uqnt4o1nk7u\\gta_sa.exe"= TCP:\gta san andreas an rts-uqnt4o1nk7u\gta_sa.exe:gta_sa
"TCP Query User{8E4912A9-504B-4204-BECF-B5162947EE25}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:hlsw
"UDP Query User{3E0D4FEE-6F1F-4A48-906D-6C93918760B8}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:hlsw
"TCP Query User{7F9109D5-70E9-4380-AB25-B3AD8D07BDF3}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{7AC93793-2AB6-40F7-9F5B-1F96C9D31C0E}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{CB5486CB-9C25-445E-A42E-B18CD6B8706E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B2F8925C-FF9E-4DA8-B239-83BCADA8BDE3}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DE19F20B-1789-4B1A-91FE-A38D12E88A3A}C:\\program files\\steam\\steamapps\\hihoga\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\hihoga\counter-strike source\hl2.exe:hl2
"UDP Query User{31E24151-8035-4E80-A088-8A21F7A3A1C8}C:\\program files\\steam\\steamapps\\hihoga\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\hihoga\counter-strike source\hl2.exe:hl2
"{7EA32DA9-3B2A-4349-A0D5-646A7BE190CA}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{5C57B53A-9DF8-426A-A26A-B4009361AB3B}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{4D38E638-754F-44D0-8115-F5D4E410DBDF}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{6D74C28A-DAB0-436A-AAA5-CD9F2EF00886}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{7CB1E600-DB18-44CD-99D1-66400247524F}C:\\program files\\steam\\steamapps\\counterlee086\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\counterlee086\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{026BCAA5-157C-4E01-9855-C473BEA57523}C:\\program files\\steam\\steamapps\\counterlee086\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\counterlee086\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{ABE7BCB9-30AA-47BB-B8F8-1175E040B4B8}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{0F1AABC3-43E4-44D1-90DD-8ABA202185A7}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{4739100E-CD50-4C3C-9517-958046DCC037}"= UDP:C:\Program Files\PPLive\PPLive.exe:PPLive
"{0AEDC0D3-254E-49A7-8D7A-878555A31D17}"= TCP:C:\Program Files\PPLive\PPLive.exe:PPLive
"{EBB797BB-0506-4DA8-940D-1D8029CACC80}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29862163-2883-4400-9F18-43585BA8688C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{879EF577-5DB5-45ED-837C-60E539A2F284}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8019782E-7D19-4600-BC8C-25C76741E266}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4E8D1FA7-6CE7-4F2F-BAC5-B5603A16F572}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{03E47EAF-64DE-4777-B350-F0A67CE3F8BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorre nt

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atik mdag.sys [2007-03-15 04:04]
R3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber;C:\Windows\system32\DRIVERS \bcmwl6.sys [2006-11-02 09:30]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-15 04:04]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-01-20 11:37]

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2008-04-30 13:46:09 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-24 18:16:38 C:\Windows\Tasks\User_Feed_Synchronization-{0D101CEC-52BB-4A85-ADE7-F4B9FE9DD043}.job"
- C:\Windows\system32\msfeedssync.exe
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 20:11:47
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


************************************************** ************************
.
Zeit der Fertigstellung: 2008-05-25 20:14:56
ComboFix-quarantined-files.txt 2008-05-25 18:13:45

20 Verzeichnis(se), 3,900,518,400 Bytes frei
28 Verzeichnis(se), 3,896,115,200 Bytes frei

198 --- E O F --- 2007-06-15 13:06:58

derfreak

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:20:53, on 25.05.2008
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\vsnp2std.exe
C:\Users\lothar\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\lothar\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:5002
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files\Techno4ever\tbTech.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files\Techno4ever\tbTech.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files\Techno4ever\tbTech.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\ Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\lothar\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B0518E-E422-440B-8347-3C51B8802062}: NameServer = 62.220.18.8 89.246.64.8
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 9952 bytes

derfreak

Die 30 neuesten Dateien im Ordner Windows:

***** ***** ***** ***** *****
***** Scanning C:\Windows *****
***** ***** ***** ***** *****

25.05.2008 PSEXESVC.EXE 20 14:53.248
25.05.2008 system.ini 20 11:243
25.05.2008 WindowsUpdate.log 20 04:1.543.239
25.05.2008 bootstat.dat 19 40:67.584
23.05.2008 _MSRSTRT.EXE 21 46:2.560
01.05.2008 win.ini 22 56:244
10.04.2008 BRPP2KA.INI 19 36:27
10.04.2008 BRWMARK.INI 19 36:425
10.04.2008 brpcfx.ini 19 35:93
10.04.2008 Brpfx04a.ini 19 35:212
23.12.2007 psnetwork.ini 21 38:52
06.10.2007 NeoSetup.INI 23 16:26
23.07.2007 Qiii.INI 14 19:700
20.06.2007 PowerReg.dat 21 11:0
18.05.2007 nsreg.dat 20 49:0
15.05.2007 Setup1.exe 15 09:253.952
15.05.2007 ST6UNST.EXE 15 09:74.752
15.02.2007 brunin03.dll 13 54:131.072
05.02.2007 NeoUninstall.exe 13 11:139.264
06.01.2007 atiogl.xml 00 21:11.441
04.12.2006 vsnp2std.exe 11 58:675.840
02.11.2006 WindowsShell.Manifest 14 50:749
02.11.2006 WMSysPr9.prx 14 35:316.640
02.11.2006 twunk_16.exe 14 34:49.680
02.11.2006 twunk_32.exe 14 34:31.232
02.11.2006 twain_32.dll 14 34:50.688
02.11.2006 twain.dll 14 34:94.784


Die 50 neuesten Dateien im Ordner Windows\system32:

***** ***** ***** ***** *****
***** Scanning C:\Windows\system32 *****
***** ***** ***** ***** *****

25.05.2008 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 19 36:4.064
25.05.2008 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 19 36:4.064
Netlog 25.05.2008 Uninstall 14 18:385.024
23.05.2008 perfh009.dat 15 32:610.142
23.05.2008 perfc009.dat 15 32:103.924
23.05.2008 perfh007.dat 15 32:641.344
23.05.2008 perfc007.dat 15 32:116.706
23.05.2008 PerfStringBackup.INI 15 32:1.461.736
10.04.2008 FNTCACHE.DAT 20 04:259.584
10.04.2008 bridf07a.dat 19 35:50
10.04.2008 jupdate-1.6.0_03-b05.log 14 56:5.636
10.02.2008 rmoc3260.dll 13 51:185.944
10.02.2008 pndx5032.dll 13 51:5.632
10.02.2008 pndx5016.dll 13 51:6.656
10.02.2008 msvcp71.dll 13 51:499.712
10.02.2008 pncrt.dll 13 51:278.528
03.12.2007 PSNetwork.dll 17 13:652.448
03.12.2007 PowerPlayer.dll 17 12:418.464
18.10.2007 sirenacm.dll 12 31:51.224
11.10.2007 LegitCheckControl.DLL 15 12:1.468.968
24.09.2007 javacpl.cpl 23 31:69.632
24.09.2007 javaws.exe 23 31:139.264
24.09.2007 javaw.exe 22 30:135.168
24.09.2007 java.exe 22 30:135.168
18.09.2007 divxdec.ax 14 24:729.088
17.09.2007 divx_xx07.dll 20 23:823.296
17.09.2007 divx_xx0c.dll 20 23:823.296
17.09.2007 DivX.dll 20 22:739.840
17.09.2007 divx_xx11.dll 20 22:802.816
12.09.2007 DivXCodecVersionChecker.exe 01 14:156.992
21.08.2007 dpl100.dll 02 26:81.920
21.08.2007 dpl100.dll.manifest 02 26:416
21.08.2007 dtu100.dll.manifest 02 26:416
21.08.2007 dtu100.dll 02 26:196.608
16.08.2007 dsm_de.qm 00 33:10.152
16.08.2007 DivXsm.exe 00 33:524.288
16.08.2007 divxsm.tlb 00 33:4.816
16.08.2007 qt-dx331.dll 00 33:3.596.288
16.08.2007 pxmas.dll 00 33:187.128
16.08.2007 pxwave.dll 00 33:379.640
16.08.2007 pxhpinst.exe 00 33:72.440
16.08.2007 pxafs.dll 00 33:129.784
16.08.2007 pxinsi64.exe 00 33:118.520
16.08.2007 pxsfs.dll 00 33:1.628.920
16.08.2007 pxcpyi64.exe 00 33:120.056
16.08.2007 px.dll 00 33:551.672
16.08.2007 pxdrv.dll 00 33:518.904


***** ***** ***** ***** *****
***** Scanning C:\Windows\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost



***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****


Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 28 K
System 4 Services 0 3.884 K
smss.exe 352 Services 0 88 K
csrss.exe 424 Services 0 1.840 K
wininit.exe 476 Services 0 196 K
csrss.exe 488 Console 1 6.820 K
services.exe 524 Services 0 3.508 K
winlogon.exe 552 Console 1 1.608 K
lsass.exe 568 Services 0 3.180 K
lsm.exe 580 Services 0 1.332 K
svchost.exe 740 Services 0 4.056 K
svchost.exe 796 Services 0 4.084 K
svchost.exe 832 Services 0 16.136 K
Ati2evxx.exe 912 Services 0 804 K
svchost.exe 948 Services 0 6.260 K
svchost.exe 1000 Services 0 56.320 K
svchost.exe 1012 Services 0 18.148 K
audiodg.exe 1116 Services 0 7.476 K
SLsvc.exe 1152 Services 0 1.444 K
svchost.exe 1184 Services 0 7.656 K
svchost.exe 1364 Services 0 14.804 K
Ati2evxx.exe 1444 Console 1 2.284 K
spoolsv.exe 1640 Services 0 3.696 K
avguard.exe 1664 Services 0 1.956 K
svchost.exe 1680 Services 0 7.100 K
dwm.exe 732 Console 1 43.960 K
MSASCui.exe 1352 Console 1 11.284 K
winampa.exe 716 Console 1 972 K
avgnt.exe 1672 Console 1 1.900 K
realsched.exe 728 Console 1 592 K
pptd40nt.exe 892 Console 1 748 K
BrMfcWnd.exe 1048 Console 1 1.480 K
vsnp2std.exe 1268 Console 1 1.020 K
dna.exe 876 Console 1 2.648 K
PicasaMediaDetector.exe 264 Console 1 1.256 K
msnmsgr.exe 292 Console 1 14.776 K
GoogleUpdater.exe 2060 Console 1 1.036 K
MOM.exe 2076 Console 1 5.284 K
soffice.exe 2116 Console 1 132 K
BrccMCtl.exe 2140 Console 1 3.048 K
soffice.bin 2148 Console 1 4.092 K
BrMfcMon.exe 2204 Console 1 1.900 K
sched.exe 2408 Services 0 828 K
GoogleUpdaterService.exe 2492 Services 0 996 K
svchost.exe 2720 Services 0 1.536 K
svchost.exe 2760 Services 0 2.004 K
svchost.exe 2800 Services 0 516 K
taskeng.exe 3100 Services 0 1.012 K
taskeng.exe 3252 Console 1 4.536 K
unsecapp.exe 3508 Console 1 2.164 K
WmiPrvSE.exe 3584 Services 0 2.348 K
CCC.exe 1432 Console 1 7.588 K
ICQ.exe 3768 Console 1 51.432 K
firefox.exe 5852 Console 1 93.452 K
conime.exe 4316 Console 1 3.468 K
SearchIndexer.exe 5832 Services 0 20.564 K
explorer.exe 3544 Console 1 39.956 K
HijackThis.exe 2644 Console 1 14.772 K
SearchProtocolHost.exe 5408 Services 0 8.620 K
SearchFilterHost.exe 5608 Services 0 5.344 K
WinRAR.exe 4516 Console 1 14.936 K
cmd.exe 5448 Console 1 2.976 K
tasklist.exe 1524 Console 1 4.544 K
WmiPrvSE.exe 5716 Services 0 5.616 K



Microsoft Windows [Version 6.0.6000]


http://www.paules-pc-forum.de
***** Malware Team *****


***** Ende des Scans 25.05.2008 um 20:23:05,36 ***