ich habe ein virus/bzw trojaner

The Unity · 13.07.2009, 17:43

Hallo,

Mir wurden per icq 2 Bilder geschickt, diese sich nicht öffnen liesen sondern nur anfingen zu laden mit der sanduhr aber dann weg war seitdem ich die versucht ahbe zu öffnen kann ich nicht mehr ins internet , nicht mehr icq, kann keine ordner mehr verschieben bzw sachen deinsterlieren oder löschen , kann keine musik mehr abspielen, audio karte wird garnicht mehr angezeigt..

HAbe jetzt versucht per Eingabeaufforderung das zu machen da kommt immer die meldung: Das laufwerk volum wird verwendet. aber alles ist aus nichts läuft.

Ich weis nicht mehr weiter was ich machen soll.

The Unity · 13.07.2009, 18:15

hallo, die seite ist nicht erreichbar. :-(

john.doe · 13.07.2009, 18:20

Hallo und

Klicke bitte auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

The Unity · 13.07.2009, 18:22

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:50, on 13.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Bing:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Suche Deutschland Toolbar - {937f343c-c9c2-4235-b544-7fc4da2f2594} - C:\Programme\Suche_Deutschland\tbSuc1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Suche Deutschland Toolbar - {937f343c-c9c2-4235-b544-7fc4da2f2594} - C:\Programme\Suche_Deutschland\tbSuc1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Suche Deutschland Toolbar - {937f343c-c9c2-4235-b544-7fc4da2f2594} - C:\Programme\Suche_Deutschland\tbSuc1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SiSRaid] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "C:\WINDOWS\command.com" /c del "C:\DOKUME~1\Kevin\LOKALE~1\Temp\uninstal.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1547161642-1715567821-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1547161642-1715567821-839522115-1004\..\Run: [QUAD Windows service] C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1547161642-1715567821-839522115-1004 Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6729 bytes

john.doe · 13.07.2009, 18:25

Edit: Schon erledigt.

The Unity · 13.07.2009, 18:31

Kann mir bitte jemand helfen:-(

john.doe · 13.07.2009, 18:43

Klicke bitte auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

Wenn du das Log von Malwarebytes und die beiden Logs von RSIT gepostest hast, dann geht es weiter.

ciao, andreas

The Unity · 13.07.2009, 19:01

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kevin at 2009-07-13 20:00:25
WIN_XP Service Pack 2
System drive C: has 68 GB (86%) free of 79 GB
Total RAM: 479 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:26, on 13.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\CCleaner\CCleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Kevin\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Kevin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Bing:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Suche Deutschland Toolbar - {937f343c-c9c2-4235-b544-7fc4da2f2594} - C:\Programme\Suche_Deutschland\tbSuc1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Suche Deutschland Toolbar - {937f343c-c9c2-4235-b544-7fc4da2f2594} - C:\Programme\Suche_Deutschland\tbSuc1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Suche Deutschland Toolbar - {937f343c-c9c2-4235-b544-7fc4da2f2594} - C:\Programme\Suche_Deutschland\tbSuc1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SiSRaid] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "C:\WINDOWS\command.com" /c del "C:\DOKUME~1\Kevin\LOKALE~1\Temp\uninstal.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1547161642-1715567821-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1547161642-1715567821-839522115-1004\..\Run: [QUAD Windows service] C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1547161642-1715567821-839522115-1004 Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6983 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-12-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
Suche Deutschland Toolbar - C:\Programme\Suche_Deutschland\tbSuc1.dll [2009-07-10 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{937f343c-c9c2-4235-b544-7fc4da2f2594} - Suche Deutschland Toolbar - C:\Programme\Suche_Deutschland\tbSuc1.dll [2009-07-10 2215960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SiSPower"=SiSPower.dll,ModeAgent []
"SoundMAXPnP"=C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"SiSRaid"=C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-05-18 905216]
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152]
"HP Component Manager"=C:\Programme\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"MP10_EnsureFileVer"=C:\WINDOWS\inf\unregmp2.exe [2006-02-28 212992]
"winupd"=C:\WINDOWS\system32\svchost [2009-07-10 4440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"msnmsgr"=~C:\Programme\Windows Live\Messenger\msnmsgr.exe /background []
"QUAD Scheduler"=C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe [2009-01-21 61440]
"QUAD Windows service"=C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe [2009-07-10 16016136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-04-01 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe [2008-12-12 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Programme\SweetIM\Messenger\SweetIM.exe [2009-01-13 111928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
[]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

C:\Dokumente und Einstellungen\Kevin\Startmenü\Programme\Autostart
Stardock ObjectDock.lnk - C:\Programme\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\devolo\informer\devinf.exe"="C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
"C:\Programme\devolo\easyshare\easyshare.exe"="C:\Programme\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe

======List of files/folders created in the last 1 months======

2009-07-13 19:59:55 ----D---- C:\rsit
2009-07-13 19:54:54 ----D---- C:\Programme\CCleaner
2009-07-13 19:21:24 ----D---- C:\Programme\Trend Micro
2009-07-13 18:54:42 ----D---- C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\QUAD Backups
2009-07-13 18:54:21 ----D---- C:\Programme\QUAD Utilities
2009-07-12 00:11:04 ----ASH---- C:\BOOT.BAK
2009-07-12 00:10:48 ----D---- C:\$WIN_NT$.~BT
2009-07-12 00:10:48 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-07-11 13:18:32 ----D---- C:\WINDOWS\pss
2009-07-10 12:37:50 ----A---- C:\Programme\Firefox_Setup_3.5.exe
2009-07-10 12:37:07 ----A---- C:\Programme\install_icq65.exe
2009-07-10 00:56:00 ----D---- C:\Programme\Spybot - Search & Destroy
2009-07-10 00:56:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-07-13 19:57:36 ----D---- C:\WINDOWS\Debug
2009-07-13 19:57:36 ----D---- C:\WINDOWS
2009-07-13 19:57:35 ----D---- C:\WINDOWS\Temp
2009-07-13 19:54:54 ----RD---- C:\Programme
2009-07-13 18:51:44 ----D---- C:\Programme\Mozilla Firefox
2009-07-13 18:29:13 ----D---- C:\WINDOWS\system32\config
2009-07-13 18:27:30 ----D---- C:\WINDOWS\system32
2009-07-13 18:27:30 ----D---- C:\Programme\Windows Media Player
2009-07-13 18:23:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-13 18:23:28 ----HD---- C:\WINDOWS\inf
2009-07-13 18:23:28 ----D---- C:\WINDOWS\system32\drivers
2009-07-13 18:21:07 ----D---- C:\Programme\capella-software
2009-07-12 01:16:17 ----RASH---- C:\boot.ini
2009-07-12 01:16:17 ----A---- C:\WINDOWS\win.ini
2009-07-12 01:16:17 ----A---- C:\WINDOWS\system.ini
2009-07-12 00:34:16 ----D---- C:\Programme\devolo
2009-07-10 12:42:54 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-10 12:36:03 ----D---- C:\Programme\Suche_Deutschland
2009-07-10 00:56:37 ----D---- C:\WINDOWS\Prefetch
2009-07-03 12:34:48 ----D---- C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\ICQ
2009-06-29 17:07:38 ----D---- C:\WINDOWS\system32\CatRoot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-08-25 11904]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; C:\WINDOWS\system32\plcndis5.sys [2004-05-17 17280]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-02-28 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12288]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-09-03 261632]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-02-26 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-02-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-02-26 21488]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZCinema_TSHD;ZCinema TruSurround HD driver; C:\WINDOWS\system32\drivers\ZCinema_SRS_i386.sys [2007-08-13 21392]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-12-12 152984]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2008-07-09 26488]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-02-26 65795]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost [2009-07-10 4440]

-----------------EOF-----------------

The Unity · 13.07.2009, 19:02

ANALYSE komplett - (0.912 Sek)
------------------------------------------------------------------------------------------
0 Byte zu entfernen. (Ungefähre Größe)
------------------------------------------------------------------------------------------

Details der zu löschenden Dateien (Hinweis: Es wurden noch keine Dateien gelöscht)
------------------------------------------------------------------------------------------
Der Firefox/Mozilla Internet-Cache wurde übersprungen.
------------------------------------------------------------------------------------------

The Unity · 13.07.2009, 19:11

mehr zeigt der mir nicht an da ich gestern schon sowas gemacht hatte deswegen wird das 2. nicht insterliert. sondern sofort der bericht angezeigt.. der lange

john.doe · 13.07.2009, 19:13

Jetzt fehlt noch das Log von Malwarebytes oder bekommst du das nicht installiert?

ciao, andreas

The Unity · 13.07.2009, 19:17

ne, elider nicht da kommt..:runtime erroer 372 am ende der instalation

john.doe · 13.07.2009, 19:25

Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Sollte sich ComboFix nicht starten lassen, dann benenne es um in cofi.exe und versuche es nocheinmal.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

ciao, andreas

The Unity · 13.07.2009, 20:16

ComboFix 09-07-13.01 - Kevin 13.07.2009 21:07.2.1 - NTFSx86
ausgeführt von:: c:\dokumente und einstellungen\Kevin\Eigene Dateien\Downloads\ComboFix.exe
.

((((((((((((((((((((((( Dateien erstellt von 2009-06-13 bis 2009-07-13 ))))))))))))))))))))))))))))))
.

2009-07-13 18:16 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:16 . 2009-07-13 18:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-13 18:16 . 2009-07-13 18:16 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2009-07-13 18:16 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 17:59 . 2009-07-13 17:59 -------- d-----w- C:\rsit
2009-07-13 17:54 . 2009-07-13 17:54 -------- d-----w- c:\programme\CCleaner
2009-07-13 17:21 . 2009-07-13 17:21 -------- d-----w- c:\programme\Trend Micro
2009-07-11 22:10 . 2009-07-11 22:10 -------- d-----w- C:\$WIN_NT$.~BT
2009-07-10 10:37 . 2009-07-10 10:40 7946536 ----a-w- c:\programme\Firefox_Setup_3.5.exe
2009-07-10 10:37 . 2009-07-10 10:37 16786752 ----a-w- c:\programme\install_icq65.exe
2009-07-09 22:56 . 2009-07-10 10:31 -------- d-----w- c:\programme\Spybot - Search & Destroy
2009-07-09 22:56 . 2009-07-10 10:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 16:21 . 2008-12-11 19:49 -------- d-----w- c:\programme\capella-software
2009-07-11 22:34 . 2008-12-11 18:36 -------- d-----w- c:\programme\devolo
2009-07-10 10:36 . 2009-06-06 16:20 -------- d-----w- c:\programme\Suche_Deutschland
2009-07-03 10:34 . 2008-12-11 18:41 -------- d-----w- c:\dokumente und einstellungen\Kevin\Anwendungsdaten\ICQ
2009-06-08 16:44 . 2009-06-08 16:44 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\BVRP Software
2009-06-08 16:37 . 2009-06-08 16:37 148736 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpeF0.dll
2009-06-08 16:37 . 2009-06-08 16:37 148736 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpeF0.dll
2009-06-08 16:36 . 2009-06-08 16:36 -------- d-----w- c:\programme\Sony Ericsson
2009-06-08 16:36 . 2009-06-08 16:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sony Ericsson
2009-06-08 16:36 . 2008-12-11 18:41 -------- d--h--w- c:\programme\InstallShield Installation Information
2009-06-07 21:31 . 2009-03-20 11:33 -------- d-----w- c:\programme\Fake Webcam
2009-06-07 21:29 . 2009-03-21 19:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-06-07 21:25 . 2009-03-31 20:51 -------- d-----w- c:\programme\Gemeinsame Dateien\Stardock
2009-06-07 21:24 . 2009-06-07 21:24 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-07 21:16 . 2009-03-12 21:58 -------- d-----w- c:\programme\Davilex
2009-06-07 13:09 . 2009-06-07 13:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution
2009-06-07 13:09 . 2009-06-07 13:09 -------- d-----w- c:\programme\RapidSolution
2009-06-06 16:20 . 2009-06-06 16:20 -------- d-----w- c:\programme\Conduit
2009-05-15 17:10 . 2008-12-11 21:26 -------- d-----w- c:\programme\Gemeinsame Dateien\InstallShield
2009-05-07 15:42 . 2006-02-28 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:51 . 2006-02-28 12:00 665088 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:51 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 11:10 . 2006-02-28 12:00 75194 ----a-w- c:\windows\system32\perfc007.dat
2009-04-21 11:10 . 2006-02-28 12:00 415800 ----a-w- c:\windows\system32\perfh007.dat
2009-04-19 20:06 . 2006-02-28 12:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2006-02-28 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-24 14:27 . 2009-07-10 10:41 137208 ----a-w- c:\programme\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2008-04-14 02:23 14336 4FBC75B74479C7A6F829E0CA19DF3366 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\svchost.exe
[-] 2006-02-28 12:00 14336 65A819B121EB6FDAB4400EA42BDFFE64 c:\windows\system32\svchost.exe
[-] 2006-02-28 12:00 14336 65A819B121EB6FDAB4400EA42BDFFE64 c:\windows\system32\dllcache\svchost.exe

[-] 2005-03-02 18:19 578560 4C90159A69A5FD3EB39C71411F28FCFF c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 579584 78785EFF8CB90CEC1862A4CCFD9A3C3A c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2006-02-28 12:00 578560 56785FD5236D7B22CF471A6DA9DB46D8 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 578560 3751D7CF0E0A113D84414992146BCE6A c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 02:22 580096 B0050CC5340E3A0760DD8B417FF7AEBD c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\user32.dll
[-] 2007-03-08 15:36 579072 492E166CFD26A50FB9160DB536FF7D2B c:\windows\system32\user32.dll
[-] 2007-03-08 15:36 579072 492E166CFD26A50FB9160DB536FF7D2B c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 02:22 82432 6A35E2D6F5F052C84EC2CEB296389439 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\ws2_32.dll
[-] 2006-02-28 12:00 82944 D569240A22421D5F670BB6FB6DD522B5 c:\windows\system32\ws2_32.dll
[-] 2006-02-28 12:00 82944 D569240A22421D5F670BB6FB6DD522B5 c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-10-16 10:22 673280 3BDCD8E52A29A36F2A4D76789DF37FE1 c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 01:00 671744 10A2C485838D5B95CCF7905E21E9A80A c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-10-16 01:03 672768 7DBE34DA22CAB4BE922638540048379F c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2009-02-20 08:14 673792 2A35B8EAB65D43244F64DF891FBD3C21 c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll
[-] 2009-02-20 08:09 671744 34D8090A7B1AE7975FAE5259BF840849 c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[-] 2009-02-20 07:51 673280 DE271547E700E38226FB0DE0BA34D37A c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2009-04-29 04:30 673792 1921E9AE3EEDF5966666E5C46DE9E3A1 c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll
[-] 2009-04-29 04:33 672256 7A9E3F9ED0B2772F352571D26D0A164E c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[-] 2009-04-29 04:28 673792 4926F4F45F9400B8F535E5F5443A54BA c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2006-02-28 12:00 662016 B1A1DA99C4A6EBFD59F86A453BF02F39 c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-10-16 10:37 665088 8F865B36EA1C77A4F1F0E118560F5775 c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2009-02-20 08:29 665088 D6C05CF7EA4617375C57941E867648C4 c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2008-04-14 02:22 671744 B4AEE98A48917B274FACFB78BBE0BC84 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\wininet.dll
[-] 2009-04-29 04:51 665088 8134E79429BBA1E37FAB26F5A84E1CF5 c:\windows\system32\wininet.dll
[-] 2009-04-29 04:51 665088 8134E79429BBA1E37FAB26F5A84E1CF5 c:\windows\system32\dllcache\wininet.dll

[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2006-02-28 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 02:23 513024 F09A527B422E25C478E38CAA0E44417A c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\winlogon.exe
[-] 2006-02-28 12:00 507392 2B6A0BAF33A9918F09442D873848FF72 c:\windows\system32\winlogon.exe
[-] 2006-02-28 12:00 507392 2B6A0BAF33A9918F09442D873848FF72 c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\ndis.sys
[-] 2006-02-28 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2006-02-28 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\ip6fw.sys
[-] 2006-02-28 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2006-02-28 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 18:11 2059264 AE8364004BBFD70461D2EF34888D3360 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 11:39 2065280 84C1C109552E9E276FF004E181B80C25 c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-10 17:03 2068352 321917CFF934663C48C1E91A930E5D71 c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 11:14 2068480 1F9DA92672B8B5720C5FB1E87D8F249F c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 13:36 2065280 8F54D426024BC7E45A6F32253BBB572E c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 13:19 2068352 326C258774EB791E78FEA8A9E14D5C3E c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 18:22 2068352 C789B5AEA9AB71C5BEF6DD568F744842 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 13:42 2060032 3DCD95B15B45DE01C44FD4FC1160D504 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2006-02-28 12:00 2059136 CE41FC4C06499A389D39B301879535FB c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2009-02-09 11:47 2060032 388823CCBA5AAA6FF70F04101EB1479E c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 02:00 2068224 E51980EF65CED4490A7395A06C08DA34 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\ntkrnlpa.exe
[-] 2009-02-09 11:47 2060032 388823CCBA5AAA6FF70F04101EB1479E c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-09 11:47 2060032 388823CCBA5AAA6FF70F04101EB1479E c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 18:11 2181888 EB5538A452E0E99169E2B6CDB62FF9D2 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 11:39 2188416 E22124EC3A33F40755DCD2F4B1BE8A87 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 11:21 2191360 FEE1600B76B196D9993CD468DA7524F7 c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-10 17:12 2191488 D3453310FC92736E674FFDC6E3F455B7 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 13:36 2188288 C7153F3F41C63C8CB912E973F2780495 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 13:19 2191488 934FBEA25F8DE017ABFC6169B8446D94 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 18:22 2191488 59282EFE7147C011530E51FF92BA86AC c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 13:42 2182656 9E34765C5E64D60391ABBDE38AF16257 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2006-02-28 12:00 2183296 DC888C9C4CA0EEA7A3CB7E6B610F75C7 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-09 11:47 2182784 61AE4B9B378CD5B0B2D4BA7346991263 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:00 2191360 354C9291513BCE4D0ED6B0C6A15470F8 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\ntoskrnl.exe
[-] 2009-02-09 11:47 2182784 61AE4B9B378CD5B0B2D4BA7346991263 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:47 2182784 61AE4B9B378CD5B0B2D4BA7346991263 c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2007-06-13 13:21 1036288 64D320C0E301EEDC5A4ADBBDC5024F7F c:\windows\explorer.exe
[-] 2007-06-13 13:10 1036288 331ED93570BAF3CFE30340298762CD56 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2006-02-28 12:00 1035264 22FE1BE02EADDE1632E478E4125639E0 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 02:22 1036800 418045A93CD87A352098AB7DABE1B53E c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\explorer.exe
[-] 2007-06-13 13:21 1036288 64D320C0E301EEDC5A4ADBBDC5024F7F c:\windows\system32\dllcache\explorer.exe

[-] 2009-02-09 09:48 111104 A07CA23EA361A01E627D911CF139B950 c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2009-02-09 11:21 111104 A3EDBE9053889FB24AB22492472B39DC c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 11:14 111104 F0A7D59AF279326528715B206669B86C c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2006-02-28 12:00 108544 EDB6B81761BD60F32F740BBC40AFB676 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 02:22 109056 4BB6A83640F1D1792AD21CE767B621C6 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\services.exe
[-] 2009-02-09 10:04 111104 65F6B774819BD727358157CEDEA67B8E c:\windows\system32\services.exe
[-] 2009-02-09 10:04 111104 65F6B774819BD727358157CEDEA67B8E c:\windows\system32\dllcache\services.exe

[-] 2008-04-14 02:22 13312 AFB8261B56CBA0D86AEB6DF682AF9785 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\lsass.exe
[-] 2006-02-28 12:00 13312 183805EB05BCA5A1E4AAAED4D2BE3690 c:\windows\system32\lsass.exe
[-] 2006-02-28 12:00 13312 183805EB05BCA5A1E4AAAED4D2BE3690 c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 02:22 15360 01B4E6E990B6C5EA8856D96C7FD044B2 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\ctfmon.exe
[-] 2006-02-28 12:00 15360 7CE20569925DF6789C31799F0C538F29 c:\windows\system32\ctfmon.exe
[-] 2006-02-28 12:00 15360 7CE20569925DF6789C31799F0C538F29 c:\windows\system32\dllcache\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2006-02-28 12:00 57856 54E7113A4BD696E430919BCAF5C65E06 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 02:23 57856 39356A9CDB6753A6D13A4072A9F5A4BB c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 02:23 26624 788F95312E26389D596C0FA55834E106 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\userinit.exe
[-] 2006-02-28 12:00 25088 D1E53DC57143F2584B1DD53B036C0633 c:\windows\system32\userinit.exe
[-] 2006-02-28 12:00 25088 D1E53DC57143F2584B1DD53B036C0633 c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 02:22 297472 B7DE02C863D8F5A005A7BF375375A6A4 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\termsrv.dll
[-] 2006-02-28 12:00 297472 1850BC10DE5DCCCEDE063FC2D0F2CEDA c:\windows\system32\termsrv.dll
[-] 2006-02-28 12:00 297472 1850BC10DE5DCCCEDE063FC2D0F2CEDA c:\windows\system32\dllcache\termsrv.dll

[-] 2007-04-16 16:09 1059840 5D0974BD58808FACA5D2C437B6FC8D85 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:54 1062912 B6053A5FA67EAC4A292A44F585881FFF c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-03-21 14:06 1063424 B055C64AABC1A3E3DE57EC8025CAD283 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 13:59 1065472 3EB703BFC2ED26A3D8ACB8626AB2C006 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2006-02-28 12:00 1057280 E6CD85D0D37416CF138F01F4BB0FC872 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2007-04-16 15:53 1058304 8EEA8280A1E0E794EDFCCAD3721C7CAB c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 02:22 1063424 4C897C69754D88F496339B1A666907C1 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\kernel32.dll
[-] 2009-03-21 14:20 1059840 A6F4977F9D2C9506050BFF0EF0B574B5 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:20 1059840 A6F4977F9D2C9506050BFF0EF0B574B5 c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-14 02:22 17408 C8C0BDABC966B6C24D337DF0A0A399E1 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\powrprof.dll
[-] 2006-02-28 12:00 17408 5604574D490B798BD9A946B021A766AD c:\windows\system32\powrprof.dll
[-] 2006-02-28 12:00 17408 5604574D490B798BD9A946B021A766AD c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 02:22 110080 F9954695D246B33A5BF105029A4C6AB6 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\imm32.dll
[-] 2006-02-28 12:00 110080 94101D13A1818A9D08337EEC12ED277A c:\windows\system32\imm32.dll
[-] 2006-02-28 12:00 110080 94101D13A1818A9D08337EEC12ED277A c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 02:22 1571840 5251425B86EA4A3532B8BB8D14044E61 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\sfcfiles.dll
[-] 2006-02-28 12:00 1548288 80F7B7198B869C07C98627AF812D68B6 c:\windows\system32\sfcfiles.dll
[-] 2006-02-28 12:00 1548288 80F7B7198B869C07C98627AF812D68B6 c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 01:58 25216 1704D8C4C8807B889E43C649B478A452 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\kbdclass.sys
[-] 2006-02-28 12:00 25216 B128FC0A5CD83F669D5DE4B58F77C7D6 c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 02:22 846848 D0DE8A2EC95184E5193BB4B3112E29DF c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\comres.dll
[-] 2006-02-28 12:00 846848 4B9D9E2708019763C5A72DA776DB1158 c:\windows\system32\comres.dll
[-] 2006-02-28 12:00 846848 4B9D9E2708019763C5A72DA776DB1158 c:\windows\system32\dllcache\comres.dll

[-] 2008-04-14 02:22 22016 F38F3C47BBFFD748C1359AB171C3A630 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\lpk.dll
[-] 2006-02-28 12:00 22016 B4AD65C79F85C61D32C015B11E03CAAD c:\windows\system32\lpk.dll
[-] 2006-02-28 12:00 22016 B4AD65C79F85C61D32C015B11E03CAAD c:\windows\system32\dllcache\lpk.dll

[-] 2006-02-28 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2006-02-28 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2006-02-28 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2006-02-28 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2006-02-28 12:00 924432 31DD27AB47F62D383505F35CA972748B c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 02:22 927504 ACC19BA6876AF18768EE87931CAD14E2 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\mfc40u.dll
[-] 2006-11-01 19:17 927504 B80F1D82969BD31392F1867936E96448 c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 927504 B80F1D82969BD31392F1867936E96448 c:\windows\system32\dllcache\mfc40u.dll

[-] 2005-04-28 19:35 396288 434A27912D53BF3FB6C1CE37BAFA5CF6 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-07-26 04:29 398336 DBA9F9C00A7A2B45EB8E451C2B6D10E9 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2009-02-09 10:00 401408 8AFBC2E1E5555A1C29953AF854F0FCA5 c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2009-02-09 10:51 401408 3127AFBF2C1ED0AB14A1BBB7AAECB85B c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 10:54 401408 D3D765E8455A961AE567B408F767D4F9 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2006-02-28 12:00 395776 9F28FF58D6D67B123272869D89D14004 c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-04-28 19:31 395776 A9219270CA2E5DDB52828E7AB7268B82 c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-07-26 04:39 397824 891E3E4537C6DFCAE475073FC49CE9CB c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 02:22 399360 E970C2296916BF4A2F958680016FE312 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\rpcss.dll
[-] 2009-02-09 10:18 399360 D45BBCDDC74A1B0259A0C4B00C190D20 c:\windows\system32\rpcss.dll
[-] 2009-02-09 10:18 399360 D45BBCDDC74A1B0259A0C4B00C190D20 c:\windows\system32\dllcache\rpcss.dll

[-] 2008-04-14 02:22 33792 B7550A7107281D170CE85524B1488C98 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\msgsvc.dll
[-] 2006-02-28 12:00 33792 E5215AB942C5AC5F7EB0E54871D7A27C c:\windows\system32\msgsvc.dll
[-] 2006-02-28 12:00 33792 E5215AB942C5AC5F7EB0E54871D7A27C c:\windows\system32\dllcache\msgsvc.dll

[-] 2006-02-28 12:00 611328 2CF914215226B3F7FA1AE4A47E4D261C c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 02:22 617472 AD28671D1B83A386B070DC451A113C13 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\comctl32.dll
[-] 2008-04-14 02:20 1054208 3C93CE6C6985C55952B7BE6673E9FD15 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 15:46 617472 EE82D1393169AC6BDF6016F4EA8D2B79 c:\windows\system32\comctl32.dll
[-] 2006-08-25 15:46 617472 EE82D1393169AC6BDF6016F4EA8D2B79 c:\windows\system32\dllcache\comctl32.dll
[-] 2006-02-28 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\InstallTemp\18645\comctl32.dll
[-] 2006-02-28 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2006-02-28 12:00 1050624 9D0F57B9C65BF8A07DB655A9ED6EB2EE c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:46 1054208 F64451D07B9368B46AB31172D56D1804 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2006-02-28 12:00 12160 9E1CA3160DAFB159CA14F83B1E317F75 c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 02:22 5120 44161A59DC33AC2EA9C95438ADFFFB7F c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\sfc.dll
[-] 2006-02-28 12:00 5120 F62934BC94299083EBFC8810242D8640 c:\windows\system32\sfc.dll
[-] 2006-02-28 12:00 5120 F62934BC94299083EBFC8810242D8640 c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 02:22 438272 56AF4064996FA5BAC9C449B1514B4770 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\ntmssvc.dll
[-] 2006-02-28 12:00 438272 428AA946A8D9F32DBB4260C8E6E13377 c:\windows\system32\ntmssvc.dll
[-] 2006-02-28 12:00 438272 428AA946A8D9F32DBB4260C8E6E13377 c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 02:22 88576 F5BA6CACCDB66C8F048E867563203246 c:\windows\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\rasauto.dll
[-] 2006-02-28 12:00 89088 E3C6E87C1F84584A773D7C3DD205DBFF c:\windows\system32\rasauto.dll
[-] 2006-02-28 12:00 89088 E3C6E87C1F84584A773D7C3DD205DBFF c:\windows\system32\dllcache\rasauto.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-13_18.40.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 19:01 . 2009-07-13 19:01 16384 c:\windows\Temp\Perflib_Perfdata_3f4.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{937f343c-c9c2-4235-b544-7fc4da2f2594}"= "c:\programme\Suche_Deutschland\tbSuc1.dll" [2009-07-10 2215960]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
2009-07-10 10:36 2215960 ----a-w- c:\programme\Suche_Deutschland\tbSuc1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

The Unity · 13.07.2009, 20:20

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{937f343c-c9c2-4235-b544-7fc4da2f2594}"= "c:\programme\Suche_Deutschland\tbSuc1.dll" [2009-07-10 2215960]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{937F343C-C9C2-4235-B544-7FC4DA2F2594}"= "c:\programme\Suche_Deutschland\tbSuc1.dll" [2009-07-10 2215960]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SiSRaid"="c:\programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-05-18 905216]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2006-02-28 212992]
"winupd"="c:\windows\system32\svchost.exe" [2006-02-28 14336]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-08-25 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\devolo\\informer\\devinf.exe"=
"c:\\Programme\\devolo\\easyshare\\easyshare.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-07-09 26488]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 ZCinema_TSHD;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_i386.sys [2007-08-13 21392]
S0 SiSRaid1;SiSRaid1;c:\windows\system32\DRIVERS\SiSRaid1.sys [2004-09-03 46464]
S2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [2004-05-17 17280]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2303923
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\dokumente und einstellungen\Kevin\Anwendungsdaten\Mozilla\Firefox\Profiles\mkl9wcis.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\dokumente und einstellungen\Kevin\Anwendungsdaten\Mozilla\Firefox\Profiles\mkl9wcis.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-13 21:09
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
winupd = c:\windows\system32\svchost.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????????????????????????????????

Scanne versteckte Dateien...

ich habe ein virus/bzw trojaner

Log-Analyse und Auswertung: ich habe ein virus/bzw trojaner