Zitat:

Was soll ich mit "NWEReboot" machen?? Systemsuche??

In meiner Sigantur findet sich ein Link "Dateien Suche und finden".

Zitat:

Und " C:\WINDOWS\WEMBG.EXE " hab ich bei Kaspersky durchlaufen lassen, ohne Erfolg, also ohne Meldung !

Wie? Hast du eine Antwort per E-Mail bekommen? Poste bitte den Inhalt.

Bei Virustotal musst du jede Datei einzelnd auswerten lassen. Und schreibe bitte drüber welche Datei zu welcher Auswertung gehört.
Alle die im Zitat-Kasten stehen..

NWEReboot hab ich suche lassen, zeigt mir nichts an!!

Dateisendung an Kasersky, kamen 2 Email zurück:

Keine Log´s o.ä.
Inhalt:

+OK
Subject: 1 neue Mails in Ihrem Spamverdacht-Ordner
Date: Thu, 22 May 2008 07:44:15 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0062_01C754E9.9143AECF"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-GMX-UID: FzoGfKgdX1Vov6MUq2Fygi1ySDc4NMyy

+OK Nachricht folgt/message follows
Precedence: list
Subject: Gratis Blockbuster =?ISO-8859-1?Q?f=FCr_Sie_-_unser_Dankesch=F6n!?=
Content-Type: multipart/alternative; boundary="----Start_Smart_mit_WEB.DE"
MIME-Version: 1.0

Ohne Sendung von Links, deswegen wurde ich schon verwarnt, obwohl die in den Log´s drin standen, kann ich doch nix für!!

Ich hab die Datei nochmal weg geschickt, weil ich ja keine Log erhalten hab.
Die sollte ich richtig per Email zugeschickt bekommen??

Nun zu den Log´s von Virustotal...!
1. C:\WINDOWS\System32\sw24.exe
File size: 69632 bytes
MD5...: ec308d504c0ead9184019340e335f778
SHA1..: fb93bb85b3c458ef6f37a0d18ca3e961f9821cbf
SHA256: 08196365a3ff17c7e8c4551a5d1e972f9296bc28680e8dcec1c64ded485aeab0
SHA512: 1c103ce0ea012300a4c1fd363ca38ed78748c50b842a01e2a16ba3d37593bff0
fd9e955a3d2d6207dd7ce877af4097b27f476b10a743101b1b86b7dd5e89d6b0
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4026c3
timedatestamp.....: 0x42c8c92b (Mon Jul 04 05:29:15 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xac74 0xb000 6.54 67e62339018beca0c27aa0733651ab8c
.rdata 0xc000 0x27ee 0x3000 4.89 b11b99e96dba8e0274a306b9ff5a02e0
.data 0xf000 0x2b18 0x1000 2.37 e8d5fa12c2e0d4d9827218e65973aaf2
.rsrc 0x12000 0x9f0 0x1000 3.84 9160f7270dbf051381e725cbffc143f7

( 2 imports )
> KERNEL32.dll: GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, GetLastError, FreeLibrary, GetProcAddress, LoadLibraryA, CloseHandle, WriteFile, CreateFileA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, HeapSize, GetOEMCP, GetCPInfo, GetConsoleMode, GetConsoleCP, SetFilePointer, Sleep, GetLocaleInfoA, GetACP, HeapAlloc, HeapFree, VirtualAlloc, GetModuleHandleA, VirtualQuery, RtlUnwind, RaiseException, HeapReAlloc, GetCommandLineA, GetProcessHeap, GetStartupInfoA, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualFree, HeapDestroy, HeapCreate, ExitProcess, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, TlsAlloc, InterlockedIncrement, SetLastError, InterlockedDecrement, TlsFree, TlsSetValue, TlsGetValue, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, InitializeCriticalSection
> USER32.dll: LoadAcceleratorsA, GetMessageA, TranslateAcceleratorA, TranslateMessage, DispatchMessageA, CreateWindowExA, ShowWindow, UpdateWindow, SendMessageA, LoadIconA, LoadCursorA, RegisterClassExA, LoadStringA, DefWindowProcA, DestroyWindow, DialogBoxParamA, BeginPaint, EndPaint, PostQuitMessage, EndDialog

2.C:\WINDOWS\System32\sw20.exe
Time Error

3.C:\WINDOWS\system32\Suchspur.dll
0 bytes size received / Se ha recibido un archivo vacio

4. C:\WINDOWS\system32\sstts.dll
0 bytes size received / Se ha recibido un archivo vacio

5. C:\WINDOWS\System32\dimsntfy.dll
File size: 19456 bytes
MD5...: 2449d2a51ea2083fa05058f7cef44714
SHA1..: 96191399fccbc0d1da11c36574421b4b974bc1ee
SHA256: 3291589aec31c553c35b54b2d9082bb83035ada5b68abbb351e3ae3e0a9ed18b
SHA512: 2f323cb618aba9b7b9fda7a30c3bed5f30b1d0da98633b759522ab44f6e07cd6
8add87102c14dc0836cddf21f1845b330ef50482998de814f3bbf636137d9cc8
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4712416a
timedatestamp.....: 0x4802bf88 (Mon Apr 14 02:20:56 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3bba 0x3c00 6.40 d5c789f4158a1c0c2001e18fa3102a72
.data 0x5000 0x214 0x200 1.10 0f7819b5602a8da1a0f7f40e11f2b9de
.rsrc 0x6000 0x3f0 0x400 3.37 ce0a21d8f09428816f61b53fc0edd368
.reloc 0x7000 0x4a6 0x600 5.15 3b4a52062ac50e13c4151a297a2dfefe

( 6 imports )
> msvcrt.dll: _adjust_fdiv, srand, rand, wcslen, malloc, _initterm, free
> ntdll.dll: RtlInitUnicodeString, RtlSetEnvironmentVariable
> KERNEL32.dll: CreateProcessW, DuplicateHandle, GetCurrentProcess, CreatePipe, FlushFileBuffers, InterlockedDecrement, RegisterWaitForSingleObject, WriteFile, DeleteTimerQueueTimer, InterlockedExchange, Sleep, InterlockedExchangeAdd, CreateTimerQueueTimer, MulDiv, OpenEventW, FindCloseChangeNotification, FindNextChangeNotification, FindFirstChangeNotificationW, QueueUserWorkItem, SetEvent, LocalFree, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, UnregisterWaitEx, InterlockedIncrement, GetLastError, CloseHandle, DisableThreadLibraryCalls, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, CreateEventW, LocalAlloc
> ADVAPI32.dll: AddAccessDeniedAceEx, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetTokenInformation, ConvertSidToStringSidW, AllocateAndInitializeSid, FreeSid, CreateProcessAsUserW, RegDeleteKeyW, GetLengthSid, InitializeAcl, AddAccessAllowedAceEx, RegQueryValueExW, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegCreateKeyExW, RegSetValueExW, RegCloseKey, TraceMessage, DuplicateTokenEx, RegOpenKeyExW
> NETAPI32.dll: DsRoleGetPrimaryDomainInformation, DsRoleFreeMemory
> USERENV.dll: DestroyEnvironmentBlock, CreateEnvironmentBlock, UnregisterGPNotification, RegisterGPNotification, -

( 7 exports )
WlDimsLock, WlDimsLogoff, WlDimsLogon, WlDimsShutdown, WlDimsStartShell, WlDimsStartup, WlDimsUnlock

Und was mache ich jetz mit den ganzen Virenprogs?? Die laufen ja nebenbei und fressen richtig schön Perfomance!!

Deinstall??

Du machst einige Sachen auf dem Rechner grundlegend Falsch.

Folgende Programm solltest Du deinstallieren und nicht mehr verwenden

- emule
- Tor / Vidalia
- Incredimail
- limewire

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code: Alles auswählenAufklappen

ATTFilter

Killall::

File::
C:\WINDOWS\system32\jvkfrouk.dll
C:\WINDOWS\system32\sstts.dll
D:\autorun.exe
F:\AutoRun.exe
I:\AutoRun.exe
G:\AutoRun.exe
C:\WINDOWS\system32\mllmj.dll


Folder::
C:\Programme\Macrogaming
C:\VundoFix Backups

Filelook::
C:\WINDOWS\system32\67F8008A2B.dll
C:\WINDOWS\system32\nview.dll
C:\WINDOWS\system32\drivers\sptd9597.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CA8ED4F-D48F-4147-AF06-BF4517B9DAF0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A547D2C2-7722-4953-B8A7-5548E75A8901}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"NWEReboot"=-
"d000ae14"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b374a4c-bf70-11dc-82eb-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b374a4e-bf70-11dc-82eb-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ab3f86-1757-11dd-837b-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e394bce-49c9-11dc-824d-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e394bd0-49c9-11dc-824d-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e394bd1-49c9-11dc-824d-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e394bd2-49c9-11dc-824d-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e394bd3-49c9-11dc-824d-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e394bd4-49c9-11dc-824d-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eb468ea-b4c1-11dc-82d3-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eb468eb-b4c1-11dc-82d3-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f4a8caa-a0d7-11dc-82b2-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62de1a9a-92a8-11dc-8288-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62de1ab0-92a8-11dc-8288-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{717eed7c-c47b-11dc-82f0-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{833bcbd8-dc91-11dc-831c-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{833bcbd9-dc91-11dc-831c-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{848d72f0-4a94-11dc-8252-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{848d72f1-4a94-11dc-8252-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{848d72f2-4a94-11dc-8252-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e1fd2a6-0572-11dd-834e-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e1fd2a7-0572-11dd-834e-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9039208e-dd62-11dc-831d-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bf5e7d4-4a6b-11dc-8251-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bf5e7d5-4a6b-11dc-8251-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f479840-5a5d-11dc-8272-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f479841-5a5d-11dc-8272-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a142b200-1778-11dd-837c-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab5cfb1c-16b3-11dd-8379-00138f424e42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab5cfb1d-16b3-11dd-8379-00138f424e42}]
         

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer!)

5. Dann ziehe die CFScript.txt auf die ComboFix.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.





6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann

Dann direkt danach

Flashdisinfector

• Lade Flash_Disinfector.exe und speichere es auf Deinen Desktop.
  
• Doppleklicke Flash_Disinfector.exe um es zu starten und folge den Anweisungen.
  
• Das Programm bittet Dich Flash Drives (USB Sticks/Festplatten) und alle entfernbaren Medien (auch Dein Handy) anzuschließen. Bitte mach dies und erlaube dem Programm diese Laufwerke auch zu reinigen.
  
• Warte bis das Programm den Scan abgeschlossen hat und schließe das Programm dann.
• Reboote Deinen Rechner wenn Du die obigen Punkte ausgeführt hast.

Jetzt bitte das neue CF Log.

Hab soweit alles deinstall...

Was für Email- Sammelprog ist denn zu empfehlen...?!
Und was mach ich jetzt wegen, mit den anderen Prog.´s wie cCleaner, SuperAntiSpyware, Malewarebytes...usw???!!
Hab schon 2 * gefragt....

ComboFix 08-05-21.3 - Uncle Doc 2008-05-23 22:33:45.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1669 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Uncle Doc\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Uncle Doc\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\jvkfrouk.dll
C:\WINDOWS\system32\mllmj.dll
C:\WINDOWS\system32\sstts.dll
D:\autorun.exe
F:\AutoRun.exe
G:\AutoRun.exe
I:\AutoRun.exe
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programme\Macrogaming
C:\Programme\Macrogaming\SweetIM\conf\adapter.xml
C:\Programme\Macrogaming\SweetIM\conf\logger.xml
C:\Programme\Macrogaming\SweetIM\conf\messages.xml
C:\Programme\Macrogaming\SweetIM\conf\sweetim.xml
C:\Programme\Macrogaming\SweetIM\conf\sweetimapp.xml
C:\Programme\Macrogaming\SweetIM\conf\users\Christian_UncleDoc@web.de\emoticons_shortcut.xml
C:\Programme\Macrogaming\SweetIM\conf\users\Christian_UncleDoc@web.de\lastuse_Emoticons.xml
C:\Programme\Macrogaming\SweetIM\conf\users\Christian_UncleDoc@web.de\lastuse_SpecialFX.xml
C:\Programme\Macrogaming\SweetIM\conf\users\Christian_UncleDoc@web.de\lastuse_Winks.xml
C:\Programme\Macrogaming\SweetIM\conf\users\Christian_UncleDoc@web.de\user_config.xml
C:\Programme\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Programme\Macrogaming\SweetIM\data\contentdb\000100D9.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\000100E7.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\000100E8.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00010847.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0001084F.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00010857.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00010859.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0001085D.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0001087C.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00010885.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002005C.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002005E.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002005F.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020068.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020069.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002006C.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002006D.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002006E.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020071.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020073.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020075.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020077.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020078.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020079.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002007D.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020080.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020099.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002009A.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\000200A2.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\000200AE.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\000200B8.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\000200CC.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\000200D8.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020114.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020119.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002011C.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020120.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020127.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00020139.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0002013D.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00030007.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00030011.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00040011.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0004001F.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00040022.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00040029.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0004004F.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00040067.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0004009B.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0004009F.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00050001.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00050002.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0006001D.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00060027.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\0006006B.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\00060086.dat
C:\Programme\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
C:\Programme\Macrogaming\SweetIM\default.xml
C:\Programme\Macrogaming\SweetIM\mgAdaptersProxy.dll
C:\Programme\Macrogaming\SweetIM\mgArchive.dll
C:\Programme\Macrogaming\SweetIM\mgcommon.dll
C:\Programme\Macrogaming\SweetIM\mgcommunication.dll
C:\Programme\Macrogaming\SweetIM\mgconfig.dll
C:\Programme\Macrogaming\SweetIM\mgFlashPlayer.dll
C:\Programme\Macrogaming\SweetIM\mghooking.dll
C:\Programme\Macrogaming\SweetIM\mgIEPlayer.dll
C:\Programme\Macrogaming\SweetIM\mglogger.dll
C:\Programme\Macrogaming\SweetIM\mgMsnAuto.dll
C:\Programme\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
C:\Programme\Macrogaming\SweetIM\mgMsnProt.dll
C:\Programme\Macrogaming\SweetIM\mgSweetIM.dll
C:\Programme\Macrogaming\SweetIM\mgUpdateSupport.dll
C:\Programme\Macrogaming\SweetIM\mgxml_wrapper.dll
C:\Programme\Macrogaming\SweetIM\resources\gdiplus.dll
C:\Programme\Macrogaming\SweetIM\resources\ImageOle.dll
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\Programme\Macrogaming\SweetIM\update\lastversioninfo.xml
C:\VundoFix Backups
C:\VundoFix Backups\sstts.dll.bad
C:\VundoFix Backups\sttss.ini.bad
C:\VundoFix Backups\sttss.ini2.bad
D:\autorun.exe . . . . Nicht in der Lage zu löschen
F:\AutoRun.exe . . . . Nicht in der Lage zu löschen

((((((((((((((((((((((( Dateien erstellt von 2008-04-23 bis 2008-05-23 ))))))))))))))))))))))))))))))
.

2008-05-23 22:18 . 2008-05-23 22:18 268 --ah----- C:\sqmdata00.sqm
2008-05-23 22:18 . 2008-05-23 22:18 244 --ah----- C:\sqmnoopt00.sqm
2008-05-23 22:09 . 2008-05-23 22:37 <DIR> d-------- C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\Vidalia
2008-05-23 10:47 . 2008-05-23 10:47 53,213 --a------ C:\WINDOWS\WEMbg.zip
2008-05-22 07:38 . 2008-05-23 22:04 21 --a------ C:\WINDOWS\escan.dbf
2008-05-22 00:58 . 2008-05-22 00:58 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-05-22 00:58 . 2008-05-22 00:58 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-05-22 00:58 . 2008-05-22 00:58 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-05-22 00:58 . 2008-05-22 00:58 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-05-22 00:58 . 2008-05-22 00:58 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-05-22 00:58 . 2008-05-22 00:58 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-05-22 00:56 . 2008-05-22 00:56 26,984,462 --a------ C:\WINDOWS\hklmSY.reg
2008-05-22 00:55 . 2008-05-22 00:56 6,557,837 --a------ C:\WINDOWS\REGBK00.ZIP
2008-05-22 00:34 . 2008-05-22 00:34 <DIR> d-------- C:\Programme\CCleaner
2008-05-22 00:34 . 2008-05-22 00:34 20 --a------ C:\WINDOWS\WIN.PRO
2008-05-22 00:33 . 2008-05-22 19:10 <DIR> d-------- C:\Programme\Yahoo!
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\PUB
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Vorlagen
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Startmen�
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Favoriten
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Dokumente
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Anwendungsdaten
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Vorlagen
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Favoriten
2008-05-22 00:27 . 2008-05-22 00:27 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Dokumente
2008-05-22 00:27 . 2008-04-14 07:53 153,600 --a------ C:\WINDOWS\R.COM
2008-05-22 00:27 . 2008-04-14 07:53 140,800 --a------ C:\WINDOWS\system32\T.COM
2008-05-22 00:27 . 2008-05-22 00:27 124,626 --a------ C:\WINDOWS\winsbak2.reg
2008-05-22 00:27 . 2008-05-22 00:27 17,596 --a------ C:\WINDOWS\winsbak.reg
2008-05-22 00:27 . 2008-05-05 16:48 211 --a------ C:\bootini.ins
2008-05-22 00:27 . 2008-05-22 01:00 50 --a------ C:\23990098.$$$
2008-05-22 00:26 . 2008-05-22 00:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\MicroWorld
2008-05-22 00:26 . 2008-05-23 22:37 <DIR> d-------- C:\Programme\eScan
2008-05-22 00:25 . 2008-05-22 00:25 3,968 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-05-21 23:17 . 2008-05-22 00:27 <DIR> d-------- C:\Programme\EsetOnlineScanner
2008-05-21 22:12 . 2008-05-21 22:12 <DIR> d-------- C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\Malwarebytes
2008-05-21 21:43 . 2008-05-21 21:45 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-21 21:43 . 2008-05-21 21:43 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-21 21:43 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-21 21:43 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-21 21:27 . 2008-05-21 21:27 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2008-05-21 21:27 . 2008-05-21 21:27 <DIR> d-------- C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\SUPERAntiSpyware.com
2008-05-21 21:27 . 2008-05-21 21:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-05-21 19:55 . 2008-05-22 07:48 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-21 19:55 . 2008-05-22 07:48 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-21 19:54 . 2008-05-21 19:54 <DIR> d-------- C:\Programme\Kaspersky Lab
2008-05-21 19:54 . 2008-05-23 22:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-05-21 19:54 . 2008-05-22 08:28 12,483,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 19:54 . 2008-05-22 08:28 169,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-21 19:54 . 2008-05-22 08:28 34,848 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-21 19:54 . 2008-05-22 08:28 5,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-21 19:53 . 2008-05-21 20:20 3,830 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-21 19:46 . 2008-05-21 19:46 <DIR> d-------- C:\kav
2008-05-20 20:15 . 2008-05-20 20:15 <DIR> d-------- C:\Programme\Trend Micro
2008-05-19 13:29 . 2008-05-22 20:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-19 13:20 . 2008-05-19 13:20 92 --a------ C:\WINDOWS\wininit.ini
2008-05-19 12:59 . 2008-05-19 12:59 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-05-18 18:36 . 2008-05-18 18:36 <DIR> d-------- C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\Command & Conquer 3 Kanes Rache
2008-05-18 18:34 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-18 18:34 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-18 18:34 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-18 18:33 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-18 18:04 . 2008-05-18 18:04 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Eigene Dateien
2008-05-12 11:50 . 2008-05-13 15:37 <DIR> d-------- C:\WINDOWS\system32\seidel_0508 dir
2008-05-05 16:39 . 2008-05-05 16:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Logitech
2008-04-30 18:26 . 2008-04-30 18:30 <DIR> d-------- C:\Programme\Your Uninstaller 2008
2008-04-30 18:26 . 2008-04-30 18:26 <DIR> d-------- C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\URSoft
2008-04-30 18:21 . 2008-04-30 18:21 <DIR> d-------- C:\Programme\WINcon 5.0
2008-04-30 15:09 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-29 19:53 . 2008-05-05 16:06 <DIR> d-------- C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\skypePM
2008-04-29 19:53 . 2008-04-29 19:53 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-04-29 19:52 . 2008-05-05 17:04 <DIR> d-------- C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\Skype
2008-04-29 19:51 . 2008-04-29 19:51 <DIR> d-------- C:\Programme\Skype
2008-04-29 19:51 . 2008-04-29 19:51 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2008-04-29 19:51 . 2008-04-29 19:51 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2008-04-26 12:07 . 2008-04-26 12:07 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-04-26 12:07 . 2008-04-26 12:07 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-26 12:06 . 2008-04-26 12:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-26 12:05 . 2008-04-26 12:07 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Logishrd
2008-04-26 12:04 . 2008-04-26 12:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LogiShrd

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 20:37 --------- d-----w C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\tor
2008-05-23 20:17 --------- d-----w C:\Programme\Google
2008-05-23 20:15 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-05-23 20:08 --------- d-----w C:\Programme\IncrediMail
2008-05-23 20:07 --------- d-----w C:\Programme\Vidalia Bundle
2008-05-23 20:06 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-05-23 20:06 --------- d-----w C:\Programme\eMule
2008-05-21 22:58 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar
2008-05-21 22:36 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-05-21 19:26 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-21 16:17 --------- d-----w C:\Programme\Java
2008-05-19 16:57 --------- d-----w C:\Programme\Winamp
2008-05-18 16:14 --------- d-----w C:\Programme\Electronic Arts
2008-05-14 09:36 --------- d-----w C:\Programme\Gemeinsame Dateien\Ahead
2008-05-13 13:44 --------- d-----w C:\Programme\Nero
2008-05-09 21:32 --------- d-----w C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\ICQ
2008-05-09 09:41 --------- d-----w C:\Programme\MSN Messenger
2008-05-07 09:53 --------- d-----w C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\AdobeUM
2008-05-05 14:39 --------- d-----w C:\Programme\Logitech
2008-05-01 13:30 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-01 13:14 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead
2008-04-30 16:34 --------- d-----w C:\Programme\Microsoft IntelliType Pro
2008-04-30 13:15 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd9597.sys
2008-04-28 17:50 --------- d-----w C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\Metacafe
2008-04-28 17:50 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Metacafe
2008-04-20 19:58 --------- d-----w C:\Programme\Ashampoo
2008-04-19 15:09 --------- d-----w C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\Nero
2008-04-19 15:08 --------- d-----w C:\Programme\Gemeinsame Dateien\Nero
2008-04-19 15:06 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-04-19 10:39 --------- d-----w C:\Programme\ICQ6
2008-04-17 18:00 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-04-17 18:00 --------- d-----w C:\Programme\Hewlett-Packard
2008-04-17 09:35 --------- d-----w C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\vlc
2008-04-14 18:30 --------- d-----w C:\Programme\Windows Media Connect 2
2008-04-14 17:30 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
2008-04-14 17:29 --------- d-----w C:\Programme\SlySoft
2008-04-14 15:30 --------- d-----w C:\Programme\Elaborate Bytes
2008-04-14 15:30 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
2008-04-14 15:14 --------- d-----w C:\Programme\DVD Shrink DE
2008-04-14 15:14 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DVD Shrink
2008-04-14 14:59 --------- d-----w C:\Dokumente und Einstellungen\Uncle Doc\Anwendungsdaten\dvdcss
2008-04-14 05:53 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 05:53 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 05:53 288,768 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 05:53 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 05:53 153,600 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 05:53 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 05:53 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 05:32 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 05:32 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 05:32 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 05:32 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 05:32 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 05:28 800,384 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 05:28 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 05:28 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 05:28 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 05:28 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 05:27 40,448 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 05:26 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 05:25 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 05:25 52,992 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 05:24 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 05:22 57,728 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 05:22 53,760 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 05:22 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 05:22 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 05:21 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 05:20 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 05:20 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 05:19 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 05:19 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 05:19 188,800 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2006-08-15 17:10 80 --sh--r C:\WINDOWS\system32\67F8008A2B.dll
2001-08-18 19:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\67F8008A2B.dll -- Not a PE file.
C:\WINDOWS\system32\drivers\sptd9597.sys -- Not a PE file.

---- C:\WINDOWS\system32\nview.dll ----
Company: NVIDIA Corporation
File Description: NVIDIA nView Desktop and Window Manager 111.32
File Version: 6.14.10.11132
Product Name: NVIDIA nView Desktop and Window Manager 111.32
Copyright: (C) NVIDIA Corporation. All rights reserved.
Original file name: nView.dll

((((((((((((((((((((((((((((( snapshot_2008-05-23_22.29.22.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 20:20:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 20:36:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programme\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programme\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 23:49 12889088]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"HuaWeiEVDO.exe"="C:\Programme\o2\Surf Box mini\o2 Surf Box mini.exe" [2007-04-12 10:54 942080]
"SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WEMBG"="C:\WINDOWS\WEMBG.EXE" [2004-12-07 11:09 118784]
"WebCam Go Plus Sti Service Application"="Wcgopsvc" []
"SW24"="C:\WINDOWS\System32\sw24.exe" [2005-07-04 07:29 69632]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2005-06-30 08:03 200704]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 12:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Launch LGDCore"="C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 02:08 2094352]
"Launch LCDMon"="C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 01:30 1687824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 17:39 55824 C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 22:30 188416]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"eScan Updater"="C:\PROGRA~1\eScan\TRAYICOS.exe" [2008-02-20 19:56 1300480]
"MailScan Dispatcher"="C:\PROGRA~1\eScan\LAUNCH.exe" [2008-02-19 18:19 192512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 07:52 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CJPG"= ctwbjpg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\NETGEAR\\WG111v2 Configuration Utility\\RtWLan.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"=
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Programme\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\PROGRA~1\\eScan\\DOWNLOAD.EXE"=
"C:\\PROGRA~1\\eScan\\TRAYICOS.EXE"=
"C:\\PROGRA~1\\GEMEIN~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"C:\\PROGRA~1\\eScan\\LICENSE.EXE"=
"C:\\PROGRA~1\\eScan\\MAILADM.EXE"=
"C:\\PROGRA~1\\GEMEIN~1\\MICROW~1\\eScanRAD\\ESCANRAD.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36448:TCP"= 36448:TCP:Emule
"36449:UDP"= 36449:UDP:Emule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 eScan-trayicos;eScan Server-Updater;C:\PROGRA~1\eScan\TRAYSSER.EXE [2008-02-19 16:53]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2005-11-15 13:02]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2008-04-14 07:53]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 ProcObsrves;Process Creation Monitor;C:\PROGRA~1\eScan\ProcObsrves.sys [2007-12-10 17:25]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
S3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\system32\DRIVERS\Wcgophal.sys [2001-12-19 01:02]
S3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys [2002-01-08 01:04]
S3 WEMFX_AT;USB Storage Adapter FX_AT;C:\WINDOWS\system32\DRIVERS\WEMFX_AT.SYS [2004-12-07 11:09]
S3 ZD1211BU(WLAN);802.11g USB 2.0 Wireless LAN Driver (USB)(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-05-09 15:16:33 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-22 19:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
"2008-05-18 18:05:11 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1208455429.job"
- C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 22:37:12
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\SetPoint II\SetPointII.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\PROGRA~1\eScan\Vista\avpmapp.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\PROGRA~1\eScan\CONSCTL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAGENT.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Vidalia Bundle\Tor\tor.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\eScan\Vista\SCANNINGPROCESS.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-23 22:45:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-23 20:45:09
ComboFix2.txt 2008-05-23 20:29:37
ComboFix3.txt 2008-05-21 19:22:18

22 Verzeichnis(se), 92,054,650,880 Bytes frei
23 Verzeichnis(se), 92,032,180,224 Bytes frei

480

Weiter Log´s von Virustotal...:
6. C:\WINDOWS\system32\D3DCompiler_36.dll

File size: 1374232 bytes
MD5...: fb4299688a0d3a37687c015ac2b9922d
SHA1..: a4898d246afbb0ed399e77fa5ff29c99caf912a0
SHA256: f15efcab1780fe7d784a3cd3798f147fa249e81b7ef9a494b85dc7fdab084734
SHA512: 664b139754d587dc32820354c1333fe6a5528b07b8bbfaf27374a5da7e86a4c3
e7904250976ef3cf8620fd0568c34fa75704a8b1585c382b99d4ee46518617ae
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x540366
timedatestamp.....: 0x470d6c2c (Thu Oct 11 00:19:56 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1420c6 0x142200 6.19 423d3bbc413944a249074617bfcf383d
.data 0x144000 0x3d80 0x2a00 2.80 dfbec53a5290dca13842c3cd4d839a19
.rsrc 0x148000 0x3c0 0x400 3.22 2324f9c10be599526eaa8d288a309f3f
.reloc 0x149000 0x7e18 0x8000 6.24 28786c8c496d764cfee4d7ff969fd37b

( 3 imports )
> msvcrt.dll: __1type_info@@UAE@XZ, __CxxFrameHandler, _onexit, _lock, __dllonexit, _unlock, isspace, _amsg_exit, _initterm, _XcptFilter, _CxxThrowException, memset, memcpy, setlocale, _strdup, isxdigit, atof, modf, isalnum, isalpha, _strnicmp, _finite, _isnan, _fpclass, ceil, strncmp, isdigit, _clearfp, _controlfp, _purecall, tolower, atoi, memmove, _stricmp, malloc, free, __2@YAPAXI@Z, __3@YAXPAX@Z, strchr, _vsnprintf, strstr, qsort, toupper, floor, _CItanh, _CItan, _CIsinh, _CIsin, _CIlog, _CIfmod, _CIpow, _CIexp, _CIsqrt, _CIcosh, _CIcos, _CIatan2, _CIatan, _CIasin, _CIacos
> GDI32.dll: DeleteObject
> KERNEL32.dll: SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, RtlUnwind, UnmapViewOfFile, CloseHandle, VirtualFree, lstrcmpiA, FreeLibrary, DeleteCriticalSection, InitializeCriticalSection, OutputDebugStringA, GetFullPathNameA, TlsFree, TlsAlloc, InterlockedExchange, Sleep, TlsSetValue, InterlockedCompareExchange, TlsGetValue, GetVersion, GetSystemInfo, GetProcAddress, VirtualAlloc, DisableThreadLibraryCalls, LoadLibraryA, GetModuleHandleA

( 10 exports )
D3DCompileFromMemory, D3DDisassembleCode, D3DDisassembleEffect, D3DGetCodeDebugInfo, D3DGetInputAndOutputSignatureBlob, D3DGetInputSignatureBlob, D3DGetOutputSignatureBlob, D3DPreprocessFromMemory, D3DReflectCode, DebugSetMute

7. C:\WINDOWS\system32\d3dx10_36.dll

File size: 444776 bytes
MD5...: d9158e78a368b08d9133043eb3058c12
SHA1..: d71d6f103bf7433f442f55c355dc74fd4b8a736c
SHA256: aee0248f18dfef8194451a22c69adda1cca38c03ae9aa776114da9d8851d4c38
SHA512: 8bcf2da86f708ae84141089f80131244d957e64c6fed0fc39dc688201659cffa
7005bfd4cbbb315ee0a60c61e38ead3b4e4fcb3d2f0ecd0386a6fbe486d82bd9
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x45c938
timedatestamp.....: 0x46a06d54 (Fri Jul 20 08:07:48 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x60c76 0x60e00 6.74 2a2958351accf7554d6c236b51a99561
.data 0x62000 0x5d28 0x5600 3.92 e001b252666bdee7a9d908630ba6e210
.rsrc 0x68000 0x3a0 0x400 3.14 6adc25c639e5cc362aacbb146a31b950
.reloc 0x69000 0x366c 0x3800 6.05 b3fa8bd0fc6d3fd47415c5ff2088786e

( 5 imports )
> msvcrt.dll: __1type_info@@UAE@XZ, _onexit, _lock, __dllonexit, _unlock, _terminate@@YAXXZ, _amsg_exit, _initterm, free, malloc, _XcptFilter, tolower, _stricmp, _CxxThrowException, _isnan, floor, _controlfp, _purecall, _CIatan, _CIcos, _CIasin, _finite, _CIsin, _CIatan2, _CIacos, _CIsqrt, iswspace, iswalpha, iswdigit, iswpunct, memmove, qsort, memset, __2@YAPAXI@Z, memcpy, __3@YAXPAX@Z, _vsnprintf, __CxxFrameHandler
> GDI32.dll: CreateDIBSection, GetCharacterPlacementA, GetCharacterPlacementW, SetTextColor, DeleteDC, DeleteObject, SelectObject, GetGlyphOutlineA, GetTextMetricsA, GetObjectW, GetObjectA, SetBkMode, GetTextMetricsW, GetFontLanguageInfo, CreateFontIndirectA, CreateFontIndirectW, SetTextAlign, SetMapMode, CreateCompatibleDC, ExtTextOutA, MoveToEx, ExtTextOutW, TranslateCharsetInfo, SetBkColor
> KERNEL32.dll: CreateFileA, GetFileSizeEx, ReadFile, WideCharToMultiByte, GetFullPathNameA, GetModuleHandleA, FreeLibrary, GetCurrentProcess, GetProcessAffinityMask, CreateThread, InterlockedIncrement, Sleep, WaitForSingleObject, InterlockedDecrement, DebugBreak, WaitForMultipleObjects, ReleaseSemaphore, MultiByteToWideChar, CloseHandle, CreateSemaphoreA, CreateMutexA, DeleteCriticalSection, InitializeCriticalSection, LoadLibraryA, LeaveCriticalSection, EnterCriticalSection, GetVersion, GetProcAddress, DisableThreadLibraryCalls, IsProcessorFeaturePresent, CreateFileW, GetFileSize, GetModuleFileNameA, InterlockedExchange, InterlockedCompareExchange, OutputDebugStringA, RtlUnwind, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, WriteFile, GetLastError, LockResource, FindResourceW, LoadResource, SizeofResource, FindResourceA, ReleaseMutex
> ADVAPI32.dll: RegCloseKey, RegEnumKeyExA, RegOpenKeyExA, RegQueryValueExA
> ole32.dll: CreateStreamOnHGlobal

( 180 exports )
D3DX10CheckVersion, D3DX10CompileFromFileA, D3DX10CompileFromFileW, D3DX10CompileFromMemory, D3DX10CompileFromResourceA, D3DX10CompileFromResourceW, D3DX10ComputeNormalMap, D3DX10CreateAsyncCompilerProcessor, D3DX10CreateAsyncEffectCreateProcessor, D3DX10CreateAsyncEffectPoolCreateProcessor, D3DX10CreateAsyncFileLoaderA, D3DX10CreateAsyncFileLoaderW, D3DX10CreateAsyncMemoryLoader, D3DX10CreateAsyncResourceLoaderA, D3DX10CreateAsyncResourceLoaderW, D3DX10CreateAsyncShaderPreprocessProcessor, D3DX10CreateAsyncShaderResourceViewProcessor, D3DX10CreateAsyncTextureInfoProcessor, D3DX10CreateAsyncTextureProcessor, D3DX10CreateDevice, D3DX10CreateDeviceAndSwapChain, D3DX10CreateEffectFromFileA, D3DX10CreateEffectFromFileW, D3DX10CreateEffectFromMemory, D3DX10CreateEffectFromResourceA, D3DX10CreateEffectFromResourceW, D3DX10CreateEffectPoolFromFileA, D3DX10CreateEffectPoolFromFileW, D3DX10CreateEffectPoolFromMemory, D3DX10CreateEffectPoolFromResourceA, D3DX10CreateEffectPoolFromResourceW, D3DX10CreateFontA, D3DX10CreateFontIndirectA, D3DX10CreateFontIndirectW, D3DX10CreateFontW, D3DX10CreateMesh, D3DX10CreateShaderResourceViewFromFileA, D3DX10CreateShaderResourceViewFromFileW, D3DX10CreateShaderResourceViewFromMemory, D3DX10CreateShaderResourceViewFromResourceA, D3DX10CreateShaderResourceViewFromResourceW, D3DX10CreateSkinInfo, D3DX10CreateSprite, D3DX10CreateTextureFromFileA, D3DX10CreateTextureFromFileW, D3DX10CreateTextureFromMemory, D3DX10CreateTextureFromResourceA, D3DX10CreateTextureFromResourceW, D3DX10CreateThreadPump, D3DX10DisassembleEffect, D3DX10DisassembleShader, D3DX10FilterTexture, D3DX10GetDriverLevel, D3DX10GetFeatureLevel1, D3DX10GetImageInfoFromFileA, D3DX10GetImageInfoFromFileW, D3DX10GetImageInfoFromMemory, D3DX10GetImageInfoFromResourceA, D3DX10GetImageInfoFromResourceW, D3DX10LoadTextureFromTexture, D3DX10PreprocessShaderFromFileA, D3DX10PreprocessShaderFromFileW, D3DX10PreprocessShaderFromMemory, D3DX10PreprocessShaderFromResourceA, D3DX10PreprocessShaderFromResourceW, D3DX10ReflectShader, D3DX10SHProjectCubeMap, D3DX10SaveTextureToFileA, D3DX10SaveTextureToFileW, D3DX10SaveTextureToMemory, D3DX10UnsetAllDeviceObjects, D3DXBoxBoundProbe, D3DXColorAdjustContrast, D3DXColorAdjustSaturation, D3DXComputeBoundingBox, D3DXComputeBoundingSphere, D3DXCpuOptimizations, D3DXCreateMatrixStack, D3DXFloat16To32Array, D3DXFloat32To16Array, D3DXFresnelTerm, D3DXIntersectTri, D3DXMatrixAffineTransformation, D3DXMatrixAffineTransformation2D, D3DXMatrixDecompose, D3DXMatrixDeterminant, D3DXMatrixInverse, D3DXMatrixLookAtLH, D3DXMatrixLookAtRH, D3DXMatrixMultiply, D3DXMatrixMultiplyTranspose, D3DXMatrixOrthoLH, D3DXMatrixOrthoOffCenterLH, D3DXMatrixOrthoOffCenterRH, D3DXMatrixOrthoRH, D3DXMatrixPerspectiveFovLH, D3DXMatrixPerspectiveFovRH, D3DXMatrixPerspectiveLH, D3DXMatrixPerspectiveOffCenterLH, D3DXMatrixPerspectiveOffCenterRH, D3DXMatrixPerspectiveRH, D3DXMatrixReflect, D3DXMatrixRotationAxis, D3DXMatrixRotationQuaternion, D3DXMatrixRotationX, D3DXMatrixRotationY, D3DXMatrixRotationYawPitchRoll, D3DXMatrixRotationZ, D3DXMatrixScaling, D3DXMatrixShadow, D3DXMatrixTransformation, D3DXMatrixTransformation2D, D3DXMatrixTranslation, D3DXMatrixTranspose, D3DXPlaneFromPointNormal, D3DXPlaneFromPoints, D3DXPlaneIntersectLine, D3DXPlaneNormalize, D3DXPlaneTransform, D3DXPlaneTransformArray, D3DXQuaternionBaryCentric, D3DXQuaternionExp, D3DXQuaternionInverse, D3DXQuaternionLn, D3DXQuaternionMultiply, D3DXQuaternionNormalize, D3DXQuaternionRotationAxis, D3DXQuaternionRotationMatrix, D3DXQuaternionRotationYawPitchRoll, D3DXQuaternionSlerp, D3DXQuaternionSquad, D3DXQuaternionSquadSetup, D3DXQuaternionToAxisAngle, D3DXSHAdd, D3DXSHDot, D3DXSHEvalConeLight, D3DXSHEvalDirection, D3DXSHEvalDirectionalLight, D3DXSHEvalHemisphereLight, D3DXSHEvalSphericalLight, D3DXSHMultiply2, D3DXSHMultiply3, D3DXSHMultiply4, D3DXSHMultiply5, D3DXSHMultiply6, D3DXSHRotate, D3DXSHRotateZ, D3DXSHScale, D3DXSphereBoundProbe, D3DXVec2BaryCentric, D3DXVec2CatmullRom, D3DXVec2Hermite, D3DXVec2Normalize, D3DXVec2Transform, D3DXVec2TransformArray, D3DXVec2TransformCoord, D3DXVec2TransformCoordArray, D3DXVec2TransformNormal, D3DXVec2TransformNormalArray, D3DXVec3BaryCentric, D3DXVec3CatmullRom, D3DXVec3Hermite, D3DXVec3Normalize, D3DXVec3Project, D3DXVec3ProjectArray, D3DXVec3Transform, D3DXVec3TransformArray, D3DXVec3TransformCoord, D3DXVec3TransformCoordArray, D3DXVec3TransformNormal, D3DXVec3TransformNormalArray, D3DXVec3Unproject, D3DXVec3UnprojectArray, D3DXVec4BaryCentric, D3DXVec4CatmullRom, D3DXVec4Cross, D3DXVec4Hermite, D3DXVec4Normalize, D3DXVec4Transform, D3DXVec4TransformArray

8. C:\WINDOWS\system32\xactengine2_10.dll

File size: 267272 bytes
MD5...: 73e055af78a64f9b2779d44407ca2ab6
SHA1..: d771ef11d22a79dba7deccb9b3efedcbe74532d9
SHA256: 113640ae8cf78caa7cface2f906f9e6b60809906f5c26e08b2e90fc48430f3b7
SHA512: a8d979297ecce24a29459e7ff814e53c649a6c969869279dbf0f29edea4d7388
3441519a27e5e46bb1e4b5b942cb26907cea9a488de0067e589632687b25b5be
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x41e668
timedatestamp.....: 0x471c7a05 (Mon Oct 22 10:23:01 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3b8db 0x3ba00 6.62 b17c38d605240e60ea7afc664c4e3191
RT_CODE 0x3d000 0x3c 0x200 0.63 92ec7085676fe133e1790b355de69ab8
.data 0x3e000 0x2914 0x400 1.90 8ee2b1f124a97cd393d8f049a830175a
.rsrc 0x41000 0x3f8 0x400 3.36 84eebb917fadd1c9792cf7086daefd04
.reloc 0x42000 0x278a 0x2800 5.69 db5a348a60cf5eb3437f129251b182f8

( 7 imports )
> msvcrt.dll: _aligned_free, _onexit, __dllonexit, _vsnwprintf, _adjust_fdiv, _initterm, strncpy, _CIacos, free, malloc, floor, __2@YAPAXI@Z, _aligned_malloc, _CIpow, wcslen, _isnan, _purecall, __3@YAXPAX@Z, _except_handler3, _vsnprintf, _controlfp
> KERNEL32.dll: HeapSize, GetSystemInfo, LoadLibraryW, GetProcAddress, FreeLibrary, GetVersionExW, lstrcmpW, InterlockedDecrement, InterlockedIncrement, DisableThreadLibraryCalls, GetLastError, GetModuleFileNameA, EnterCriticalSection, LeaveCriticalSection, GetTickCount, QueryPerformanceCounter, InterlockedCompareExchange, GetCurrentThreadId, HeapFree, GetProcessHeap, HeapAlloc, OutputDebugStringA, InitializeCriticalSection, CreateSemaphoreW, TryEnterCriticalSection, CloseHandle, CreateFileA, InterlockedExchange, QueryPerformanceFrequency, GetOverlappedResult, ReadFile, WaitForMultipleObjects, WaitForSingleObject, SetEvent, CreateThread, CreateEventA, Sleep, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, ReleaseSemaphore, GetFileSize, SetEndOfFile, CreateEventW, SetThreadPriority, SwitchToThread, DeleteCriticalSection, GetCurrentProcess, WriteFile, SetFilePointer
> RPCRT4.dll: UuidToStringA, RpcStringFreeA
> ole32.dll: CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, PropVariantClear, CLSIDFromString
> ADVAPI32.dll: RegCreateKeyExA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegSetValueExA
> USER32.dll: GetDesktopWindow
> WINMM.dll: timeEndPeriod, timeBeginPeriod

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

9. C:\WINDOWS\system32\d3dx9_36.dll

File size: 3734536 bytes
MD5...: 44bfec5c9c82a2ee9871d88fd3b9a0e2
SHA1..: e2aeb78330d0815cffedfe88438a71024577d4b6
SHA256: c12f0ab0338eb5031d3d04beaf7208ac848f7e037d21ff963d2af90221cbe935
SHA512: 35c42ce3afeeb3710d3d96d2cf9ffa2828fe17f8d749fd149e3797e87e154508
c77f637de0e424d38bb3fa56bca959cf9da7787323950ec8261b144c09ae306d
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x750d21
timedatestamp.....: 0x470d6db0 (Thu Oct 11 00:26:24 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x35df50 0x35e000 6.53 ea8a92b937278d4181b10de0a5ec3039
.data 0x35f000 0x317b0 0x18400 5.82 9a846b13692a33833b24532c072b3496
.rsrc 0x391000 0x378 0x400 3.02 d80248f6d1441802bfa20e2791fd9e39
.reloc 0x392000 0x16b66 0x16c00 6.47 7236434dadf5b8539c909a03d82d71e5

( 4 imports )
> msvcrt.dll: _isatty, _write, _lseeki64, _fileno, __pioinfo, __badioinfo, wctomb, _itoa, _snprintf, isleadbyte, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, _amsg_exit, _initterm, _XcptFilter, srand, strtod, fread, fflush, fwrite, abort, _tempnam, exit, atol, _ultoa, wcstombs, rand, isxdigit, atof, _CIcosh, _CIexp, _CIsinh, _CItan, _CItanh, _fpclass, _isnan, strncmp, isalnum, isalpha, toupper, tolower, atoi, floor, _strtime, _strdate, sscanf, isspace, isdigit, _setjmp3, longjmp, ldexp, frexp, calloc, realloc, _CIlog, setlocale, _strdup, free, _clearfp, ceil, _controlfp, malloc, _CIatan, _CIcos, _CIasin, _finite, _CIsin, _CIatan2, _CIacos, memmove, qsort, _CIfmod, _purecall, _stricmp, modf, iswspace, iswalpha, iswdigit, iswpunct, _CIsqrt, memcpy, memset, _CIpow, __2@YAPAXI@Z, __3@YAXPAX@Z, _iob, strchr, _vsnprintf, _strnicmp, _CxxThrowException, __1type_info@@UAE@XZ, _errno, __CxxFrameHandler
> GDI32.dll: DeleteDC, CreateDIBSection, GetGlyphOutlineA, GetTextMetricsA, GetObjectW, DeleteObject, SelectObject, GetCharacterPlacementA, GetCharacterPlacementW, SetTextColor, SetBkColor, SetBkMode, GetTextMetricsW, GetFontLanguageInfo, CreateFontIndirectA, CreateFontIndirectW, SetTextAlign, SetMapMode, CreateCompatibleDC, ExtTextOutA, MoveToEx, ExtTextOutW, TranslateCharsetInfo, GetCurrentObject, GetOutlineTextMetricsA, GetGlyphOutlineW, GetObjectA
> KERNEL32.dll: DeleteFileW, SetFilePointer, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, FindResourceA, LoadResource, LockResource, SizeofResource, FreeResource, CompareStringA, CreateFileW, GetLastError, FormatMessageA, LocalFree, LeaveCriticalSection, DeleteCriticalSection, InterlockedCompareExchange, Sleep, InitializeCriticalSection, InterlockedExchange, EnterCriticalSection, lstrcmpiA, GetFileSizeEx, GetFullPathNameA, IsDBCSLeadByte, WriteFile, MoveFileA, GetTempFileNameA, CreateFileA, ReadFile, CloseHandle, DeleteFileA, InterlockedDecrement, InterlockedIncrement, IsProcessorFeaturePresent, VirtualFree, GetACP, WideCharToMultiByte, MultiByteToWideChar, OutputDebugStringA, GetModuleHandleA, FreeLibrary, LoadLibraryA, GetVersionExA, GetVersion, GetSystemInfo, GetProcAddress, VirtualAlloc, GetProcessHeap, HeapFree, HeapAlloc, DisableThreadLibraryCalls, MoveFileW, GetTempFileNameW, GlobalMemoryStatus, SetEndOfFile, ExpandEnvironmentStringsA, IsBadCodePtr, IsBadReadPtr, IsBadWritePtr, WaitForSingleObject, ReleaseMutex, CreateMutexA, RtlUnwind, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsGetValue, TlsSetValue, TlsAlloc, FindResourceW, GetTempPathA
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyA, RegCloseKey

( 336 exports )
D3DXAssembleShader, D3DXAssembleShaderFromFileA, D3DXAssembleShaderFromFileW, D3DXAssembleShaderFromResourceA, D3DXAssembleShaderFromResourceW, D3DXBoxBoundProbe, D3DXCheckCubeTextureRequirements, D3DXCheckTextureRequirements, D3DXCheckVersion, D3DXCheckVolumeTextureRequirements, D3DXCleanMesh, D3DXColorAdjustContrast, D3DXColorAdjustSaturation, D3DXCompileShader, D3DXCompileShaderFromFileA, D3DXCompileShaderFromFileW, D3DXCompileShaderFromResourceA, D3DXCompileShaderFromResourceW, D3DXComputeBoundingBox, D3DXComputeBoundingSphere, D3DXComputeIMTFromPerTexelSignal, D3DXComputeIMTFromPerVertexSignal, D3DXComputeIMTFromSignal, D3DXComputeIMTFromTexture, D3DXComputeNormalMap, D3DXComputeNormals, D3DXComputeTangent, D3DXComputeTangentFrame, D3DXComputeTangentFrameEx, D3DXConcatenateMeshes, D3DXConvertMeshSubsetToSingleStrip, D3DXConvertMeshSubsetToStrips, D3DXCreateAnimationController, D3DXCreateBox, D3DXCreateBuffer, D3DXCreateCompressedAnimationSet, D3DXCreateCubeTexture, D3DXCreateCubeTextureFromFileA, D3DXCreateCubeTextureFromFileExA, D3DXCreateCubeTextureFromFileExW, D3DXCreateCubeTextureFromFileInMemory, D3DXCreateCubeTextureFromFileInMemoryEx, D3DXCreateCubeTextureFromFileW, D3DXCreateCubeTextureFromResourceA, D3DXCreateCubeTextureFromResourceExA, D3DXCreateCubeTextureFromResourceExW, D3DXCreateCubeTextureFromResourceW, D3DXCreateCylinder, D3DXCreateEffect, D3DXCreateEffectCompiler, D3DXCreateEffectCompilerFromFileA, D3DXCreateEffectCompilerFromFileW, D3DXCreateEffectCompilerFromResourceA, D3DXCreateEffectCompilerFromResourceW, D3DXCreateEffectEx, D3DXCreateEffectFromFileA, D3DXCreateEffectFromFileExA, D3DXCreateEffectFromFileExW, D3DXCreateEffectFromFileW, D3DXCreateEffectFromResourceA, D3DXCreateEffectFromResourceExA, D3DXCreateEffectFromResourceExW, D3DXCreateEffectFromResourceW, D3DXCreateEffectPool, D3DXCreateFontA, D3DXCreateFontIndirectA, D3DXCreateFontIndirectW, D3DXCreateFontW, D3DXCreateFragmentLinker, D3DXCreateFragmentLinkerEx, D3DXCreateKeyframedAnimationSet, D3DXCreateLine, D3DXCreateMatrixStack, D3DXCreateMesh, D3DXCreateMeshFVF, D3DXCreateNPatchMesh, D3DXCreatePMeshFromStream, D3DXCreatePRTBuffer, D3DXCreatePRTBufferTex, D3DXCreatePRTCompBuffer, D3DXCreatePRTEngine, D3DXCreatePatchMesh, D3DXCreatePolygon, D3DXCreateRenderToEnvMap, D3DXCreateRenderToSurface, D3DXCreateSPMesh, D3DXCreateSkinInfo, D3DXCreateSkinInfoFVF, D3DXCreateSkinInfoFromBlendedMesh, D3DXCreateSphere, D3DXCreateSprite, D3DXCreateTeapot, D3DXCreateTextA, D3DXCreateTextW, D3DXCreateTexture, D3DXCreateTextureFromFileA, D3DXCreateTextureFromFileExA, D3DXCreateTextureFromFileExW, D3DXCreateTextureFromFileInMemory, D3DXCreateTextureFromFileInMemoryEx, D3DXCreateTextureFromFileW, D3DXCreateTextureFromResourceA, D3DXCreateTextureFromResourceExA, D3DXCreateTextureFromResourceExW, D3DXCreateTextureFromResourceW, D3DXCreateTextureGutterHelper, D3DXCreateTextureShader, D3DXCreateTorus, D3DXCreateVolumeTexture, D3DXCreateVolumeTextureFromFileA, D3DXCreateVolumeTextureFromFileExA, D3DXCreateVolumeTextureFromFileExW, D3DXCreateVolumeTextureFromFileInMemory, D3DXCreateVolumeTextureFromFileInMemoryEx, D3DXCreateVolumeTextureFromFileW, D3DXCreateVolumeTextureFromResourceA, D3DXCreateVolumeTextureFromResourceExA, D3DXCreateVolumeTextureFromResourceExW, D3DXCreateVolumeTextureFromResourceW, D3DXDebugMute, D3DXDeclaratorFromFVF, D3DXDisassembleEffect, D3DXDisassembleShader, D3DXFVFFromDeclarator, D3DXFileCreate, D3DXFillCubeTexture, D3DXFillCubeTextureTX, D3DXFillTexture, D3DXFillTextureTX, D3DXFillVolumeTexture, D3DXFillVolumeTextureTX, D3DXFilterTexture, D3DXFindShaderComment, D3DXFloat16To32Array, D3DXFloat32To16Array, D3DXFrameAppendChild, D3DXFrameCalculateBoundingSphere, D3DXFrameDestroy, D3DXFrameFind, D3DXFrameNumNamedMatrices, D3DXFrameRegisterNamedMatrices, D3DXFresnelTerm, D3DXGatherFragments, D3DXGatherFragmentsFromFileA, D3DXGatherFragmentsFromFileW, D3DXGatherFragmentsFromResourceA, D3DXGatherFragmentsFromResourceW, D3DXGenerateOutputDecl, D3DXGeneratePMesh, D3DXGetDeclLength, D3DXGetDeclVertexSize, D3DXGetDriverLevel, D3DXGetFVFVertexSize, D3DXGetImageInfoFromFileA, D3DXGetImageInfoFromFileInMemory, D3DXGetImageInfoFromFileW, D3DXGetImageInfoFromResourceA, D3DXGetImageInfoFromResourceW, D3DXGetPixelShaderProfile, D3DXGetShaderConstantTable, D3DXGetShaderConstantTableEx, D3DXGetShaderInputSemantics, D3DXGetShaderOutputSemantics, D3DXGetShaderSamplers, D3DXGetShaderSize, D3DXGetShaderVersion, D3DXGetVertexShaderProfile, D3DXIntersect, D3DXIntersectSubset, D3DXIntersectTri, D3DXLoadMeshFromXA, D3DXLoadMeshFromXInMemory, D3DXLoadMeshFromXResource, D3DXLoadMeshFromXW, D3DXLoadMeshFromXof, D3DXLoadMeshHierarchyFromXA, D3DXLoadMeshHierarchyFromXInMemory, D3DXLoadMeshHierarchyFromXW, D3DXLoadPRTBufferFromFileA, D3DXLoadPRTBufferFromFileW, D3DXLoadPRTCompBufferFromFileA, D3DXLoadPRTCompBufferFromFileW, D3DXLoadPatchMeshFromXof, D3DXLoadSkinMeshFromXof, D3DXLoadSurfaceFromFileA, D3DXLoadSurfaceFromFileInMemory, D3DXLoadSurfaceFromFileW, D3DXLoadSurfaceFromMemory, D3DXLoadSurfaceFromResourceA, D3DXLoadSurfaceFromResourceW, D3DXLoadSurfaceFromSurface, D3DXLoadVolumeFromFileA, D3DXLoadVolumeFromFileInMemory, D3DXLoadVolumeFromFileW, D3DXLoadVolumeFromMemory, D3DXLoadVolumeFromResourceA, D3DXLoadVolumeFromResourceW, D3DXLoadVolumeFromVolume, D3DXMatrixAffineTransformation, D3DXMatrixAffineTransformation2D, D3DXMatrixDecompose, D3DXMatrixDeterminant, D3DXMatrixInverse, D3DXMatrixLookAtLH, D3DXMatrixLookAtRH, D3DXMatrixMultiply, D3DXMatrixMultiplyTranspose, D3DXMatrixOrthoLH, D3DXMatrixOrthoOffCenterLH, D3DXMatrixOrthoOffCenterRH, D3DXMatrixOrthoRH, D3DXMatrixPerspectiveFovLH, D3DXMatrixPerspectiveFovRH, D3DXMatrixPerspectiveLH, D3DXMatrixPerspectiveOffCenterLH, D3DXMatrixPerspectiveOffCenterRH, D3DXMatrixPerspectiveRH, D3DXMatrixReflect, D3DXMatrixRotationAxis, D3DXMatrixRotationQuaternion, D3DXMatrixRotationX, D3DXMatrixRotationY, D3DXMatrixRotationYawPitchRoll, D3DXMatrixRotationZ, D3DXMatrixScaling, D3DXMatrixShadow, D3DXMatrixTransformation, D3DXMatrixTransformation2D, D3DXMatrixTranslation, D3DXMatrixTranspose, D3DXOptimizeFaces, D3DXOptimizeVertices, D3DXPlaneFromPointNormal, D3DXPlaneFromPoints, D3DXPlaneIntersectLine, D3DXPlaneNormalize, D3DXPlaneTransform, D3DXPlaneTransformArray, D3DXPreprocessShader, D3DXPreprocessShaderFromFileA, D3DXPreprocessShaderFromFileW, D3DXPreprocessShaderFromResourceA, D3DXPreprocessShaderFromResourceW, D3DXQuaternionBaryCentric, D3DXQuaternionExp, D3DXQuaternionInverse, D3DXQuaternionLn, D3DXQuaternionMultiply, D3DXQuaternionNormalize, D3DXQuaternionRotationAxis, D3DXQuaternionRotationMatrix, D3DXQuaternionRotationYawPitchRoll, D3DXQuaternionSlerp, D3DXQuaternionSquad, D3DXQuaternionSquadSetup, D3DXQuaternionToAxisAngle, D3DXRectPatchSize, D3DXSHAdd, D3DXSHDot, D3DXSHEvalConeLight, D3DXSHEvalDirection, D3DXSHEvalDirectionalLight, D3DXSHEvalHemisphereLight, D3DXSHEvalSphericalLight, D3DXSHMultiply2, D3DXSHMultiply3, D3DXSHMultiply4, D3DXSHMultiply5, D3DXSHMultiply6, D3DXSHPRTCompSplitMeshSC, D3DXSHPRTCompSuperCluster, D3DXSHProjectCubeMap, D3DXSHRotate, D3DXSHRotateZ, D3DXSHScale, D3DXSaveMeshHierarchyToFileA, D3DXSaveMeshHierarchyToFileW, D3DXSaveMeshToXA, D3DXSaveMeshToXW, D3DXSavePRTBufferToFileA, D3DXSavePRTBufferToFileW, D3DXSavePRTCompBufferToFileA, D3DXSavePRTCompBufferToFileW, D3DXSaveSurfaceToFileA, D3DXSaveSurfaceToFileInMemory, D3DXSaveSurfaceToFileW, D3DXSaveTextureToFileA, D3DXSaveTextureToFileInMemory, D3DXSaveTextureToFileW, D3DXSaveVolumeToFileA, D3DXSaveVolumeToFileInMemory, D3DXSaveVolumeToFileW, D3DXSimplifyMesh, D3DXSphereBoundProbe, D3DXSplitMesh, D3DXTessellateNPatches, D3DXTessellateRectPatch, D3DXTessellateTriPatch, D3DXTriPatchSize, D3DXUVAtlasCreate, D3DXUVAtlasPack, D3DXUVAtlasPartition, D3DXValidMesh, D3DXValidPatchMesh, D3DXVec2BaryCentric, D3DXVec2CatmullRom, D3DXVec2Hermite, D3DXVec2Normalize, D3DXVec2Transform, D3DXVec2TransformArray, D3DXVec2TransformCoord, D3DXVec2TransformCoordArray, D3DXVec2TransformNormal, D3DXVec2TransformNormalArray, D3DXVec3BaryCentric, D3DXVec3CatmullRom, D3DXVec3Hermite, D3DXVec3Normalize, D3DXVec3Project, D3DXVec3ProjectArray, D3DXVec3Transform, D3DXVec3TransformArray, D3DXVec3TransformCoord, D3DXVec3TransformCoordArray, D3DXVec3TransformNormal, D3DXVec3TransformNormalArray, D3DXVec3Unproject, D3DXVec3UnprojectArray, D3DXVec4BaryCentric, D3DXVec4CatmullRom, D3DXVec4Cross, D3DXVec4Hermite, D3DXVec4Normalize, D3DXVec4Transform, D3DXVec4TransformArray, D3DXWeldVertices

10. C:\WINDOWS\imsins.BAK

0 bytes size received / Se ha recibido un archivo vacio

11. C:\WINDOWS\system32\ezsidmv.dat

File size: 56 bytes
MD5...: ee5a43d64084842c6d8e1104091d0320
SHA1..: 70efa0b6a57d1a16e9e9fdc6a3adb7ae46125748
SHA256: eb2b18586af4c8d1592beb0371ec2e2b36ae4362258f5b7bc1abf198be16261e
SHA512: 2ea62c188ea9e58fad8b89617eb71f7ee7b57b2eac90d2105ee6c7309b0794b2
205d170b4c4040ce8e43ce99b2be5589f80fc91dbab43266d0fc88e359014b30
PEiD..: -
PEInfo: -

12. C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

File size: 127034 bytes
MD5...: 21007bd289539a3ca0d0f3653dc11258
SHA1..: 3f748144d07cd7609dae51ae0588f46e994c73c4
SHA256: 072408c4c02de98c6dfcfa83b86f2dfebeadd1a085c371d2d8b78df9c9e670dc
SHA512: 1063aac29899b35575a6f6369033b4855dcfcddfe733b7690042cd7af9d692c5
ca62c73f4fbb12707abb4ed8be4215b4b369f5a55a34407309bb815bf51cf90b
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40e536
timedatestamp.....: 0x455910f7 (Tue Nov 14 00:42:31 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe10e 0xf000 6.21 e916f8864e9c7b2fe0b96bef1e5f7e45
.rdata 0x10000 0x3c02 0x4000 5.35 5a9c9f9f9ff15ff15dcdd43eb0033aa1
.data 0x14000 0xb6e8 0x9000 4.90 fa1f2d7ab0d9fd1e4b379009d219da58
.rsrc 0x20000 0x1480 0x2000 3.33 5d1e5c5971a2cfe084c97dd0e154025e

( 8 imports )
> MSVCRT.dll: _except_handler3, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, _chsize, fseek, fwrite, fread, _get_osfhandle, sscanf, _stat, swprintf, memset, strchr, realloc, atoi, fgets, _mbschr, _mbsdec, strncat, malloc, free, _purecall, ctime, fprintf, fflush, ftell, rename, memcpy, _iob, vfprintf, fopen, _unlink, _ftime, _strnicmp, memcmp, strrchr, _setmbcp, _snprintf, _mbslwr, strcpy, strlen, _errno, sprintf, _mbsrchr, __CxxFrameHandler, _mbsicmp, __3@YAXPAX@Z, strcat, strcmp, _rmdir, toupper, _ultoa, strncmp, _findnext, remove, strncpy, strstr, _findclose, __2@YAPAXI@Z, _chmod, _findfirst, _stricmp, fclose
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: ReleaseMutex, GetModuleHandleA, GetFileType, PeekNamedPipe, GetFileTime, GetFileSize, RemoveDirectoryA, LocalFree, OpenMutexA, Sleep, lstrlenW, WideCharToMultiByte, GetTickCount, MultiByteToWideChar, CreateDirectoryA, MoveFileExA, GetWindowsDirectoryA, GetCurrentThread, GetPrivateProfileSectionNamesA, GetPrivateProfileStringA, GetPrivateProfileSectionA, SetLastError, ExpandEnvironmentStringsA, GetEnvironmentVariableA, SetEnvironmentVariableA, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, GetCurrentProcess, OpenProcess, TerminateProcess, GetSystemDirectoryA, WritePrivateProfileStringA, lstrcmpA, GetTempPathA, LoadLibraryExA, GetFileAttributesA, DeleteFileA, CopyFileA, GetLocaleInfoA, SetFileAttributesA, lstrcatA, SleepEx, FindResourceA, LoadResource, SearchPathA, GetShortPathNameA, GetModuleFileNameA, GetStartupInfoA, CreateProcessA, LoadLibraryA, GetProcAddress, FreeLibrary, CloseHandle, CreateMutexA, lstrlenA, GetLastError, lstrcpyA, GetVersionExA, WaitForSingleObject
> USER32.dll: GetClassNameA, SendMessageTimeoutA, FindWindowA, EnumWindows, GetLastActivePopup, IsWindow, PostMessageA, ExitWindowsEx, IsIconic, GetClientRect, DrawIcon, MessageBoxA, SystemParametersInfoA, UpdateWindow, KillTimer, SendMessageA, SetTimer, EnableWindow, LoadIconA, MsgWaitForMultipleObjects, PeekMessageA, GetSystemMetrics, DispatchMessageA, TranslateMessage, LoadStringA
> ADVAPI32.dll: RegEnumKeyA, RegDeleteKeyA, RegFlushKey, GetServiceKeyNameA, OpenSCManagerA, CloseServiceHandle, LookupPrivilegeValueA, AdjustTokenPrivileges, GetUserNameA, RegSetValueExA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, OpenProcessToken, RegDeleteValueA, RegQueryInfoKeyA, RegOpenKeyExA, RegQueryValueExA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc
> ole32.dll: CoTaskMemFree, CoUninitialize, StringFromCLSID, CLSIDFromProgID, CoInitialize, CoCreateInstance
> OLEAUT32.dll: -, -

( 2 exports )
GetUninstallerPath, RemoveUnusedVersions

13. C:\WINDOWS\system32\67F8008A2B.dll

File size: 80 bytes
MD5...: 1b9ac0a42a9256cc8bfac837ce569f51
SHA1..: 2f14766c1ceb64bf31cda7b2ced7a3f1b2e7bec1
SHA256: bacefa143c7359ee0948f52e2dc02bdf8c96c3d15389e7d24891ba463f34a315
SHA512: 463b8256bd09973be9951736d43d0c28e0ad1eebf6e07ad2f45304af6fc67a57
009ef5de88a14b7b2dfa30e232a69c47ab3768a133e8e0808d0d01e291e36bb3
PEiD..: -
PEInfo: -

14. C:\WINDOWS\system32\Drivers\BRGSp50.sys

File size: 20608 bytes
MD5...: ee0f41fa0466189a2c8b9caf7d1cddd5
SHA1..: 01b95b4363154572ef3f64c1a55da79e3eb5e425
SHA256: 961681493d76c604d978710fd6b6d4a44fd418eaa57cbd0bcc7cf66d9b1d51bf
SHA512: ed0072253cf116a5d83c5e33c2713300dec1eae69e3c750ad650d74a7a11cd8a
24c6441aab6552985d1eac7cb15092c009d243c795002d124e9cf6a1d8fd0d8d
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10ac6
timedatestamp.....: 0x42a6cc01 (Wed Jun 08 10:44:17 2005)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x371c 0x3780 6.46 ef0bb505120cc98acd12907fd19b68f1
.rdata 0x3c00 0x284 0x300 4.27 9f9e5e97336a9ce5276f1ed6bb81e363
.data 0x3f00 0xe4 0x100 2.48 137021afc166ed97de01d2e653221156
INIT 0x4000 0x86c 0x880 5.14 99ffea6f9a29b1d378b0199decad373a
.rsrc 0x4880 0x3c8 0x400 3.28 8290c18651404d63a1825683fdba17ee
.reloc 0x4c80 0x3ca 0x400 5.60 8470bc84da5d6f7db45a0fdd01a7e307

( 3 imports )
> ntoskrnl.exe: RtlAnsiStringToUnicodeString, RtlFreeUnicodeString, KeInitializeDpc, KeInitializeTimerEx, KeInitializeEvent, KeWaitForSingleObject, KeResetEvent, RtlEqualUnicodeString, KeSetEvent, KeSetTimerEx, KeCancelTimer, ProbeForRead, MmUnlockPages, IoAllocateMdl, MmProbeAndLockPages, IoFreeMdl, ExInterlockedAddLargeStatistic, MmMapLockedPagesSpecifyCache, _except_handler3, InterlockedExchange, DbgPrint, IoReleaseCancelSpinLock, IofCompleteRequest, IoIsWdmVersionAvailable, IoCreateDevice, IoDeleteDevice, RtlAppendUnicodeToString, ExAllocatePoolWithTag, RtlQueryRegistryValues, ExFreePool, IoCreateSymbolicLink, IoDeleteSymbolicLink
> HAL.dll: KeQueryPerformanceCounter, KeGetCurrentIrql
> NDIS.SYS: NdisResetEvent, NdisOpenAdapter, NdisWaitEvent, NdisCompleteBindAdapter, NdisAllocatePacketPool, NdisAllocateBufferPool, NdisInitializeEvent, NdisCloseAdapter, NdisSetEvent, NdisInterlockedDecrement, NdisInterlockedIncrement, NdisFreeSpinLock, NdisFreeBufferPool, NdisFreePacketPool, NdisInitAnsiString, NdisUnicodeStringToAnsiString, NdisGetReceivedPacket, NdisInterlockedRemoveHeadList, NdisAdjustBufferLength, NdisAllocatePacket, NdisAllocateBuffer, NdisTransferData, NdisDprAcquireSpinLock, NdisDprReleaseSpinLock, NdisGetCurrentSystemTime, NdisInterlockedInsertTailList, NdisAcquireSpinLock, NdisReleaseSpinLock, NdisSend, NdisQueryBufferOffset, NdisGetSystemUpTime, NdisRequest, NdisDeregisterProtocol, NdisFreeMemory, NdisInitUnicodeString, NdisUpcaseUnicodeString, NdisAllocateMemoryWithTag, NdisRegisterProtocol, NdisAllocateSpinLock, NdisFreePacket, NdisFreeBuffer, NdisUnchainBufferAtFront, NDIS_BUFFER_TO_SPAN_PAGES

( 0 exports )

14. C:\WINDOWS\system32\DRIVERS\Wcgo phal.sys

0 bytes size received / Se ha recibido un archivo vacio

15. C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys

File size: 91077 bytes
MD5...: f8c766432069333fc21e7e4a647a0596
SHA1..: b86a4ba8e25f53f68ce7c55cf4226a4d50c0a10f
SHA256: 8195dba2f3d8de2b8a982bd46643e9c3a8183f4f6987c0aae596b27c3f071797
SHA512: 186428aff851f85ce0975318747c7dd986f44fb84b95d0db834bf083761f6991
fa219600104dd27a54d7d878a019acbd1dcc8d1cf4a3df4d291906c85df2d5f5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1077c
timedatestamp.....: 0x3c3a6569 (Tue Jan 08 03:20:09 2002)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2e0 0xd9b4 0xd9c0 6.63 2380705103725d4cabfa31091d7fa62d
.rdata 0xdca0 0x99c 0x9a0 1.89 aad3a2a4ae4ddbfd4ef7be39d80bd537
.data 0xe640 0x6318 0x6320 3.45 7ac62e3dd4cc22996bacc29f3f3ca097
PAGECONS 0x14960 0x80 0x80 5.24 de4af32b141e09bdd09cf567a093373a
INIT 0x149e0 0x5fe 0x600 5.33 9d104def0f6f590962ec728fd7cb0664
.rsrc 0x14fe0 0x410 0x420 3.27 f23d9fd2794d55878bb5473f5d0313d4
.reloc 0x15400 0xf7c 0xf80 6.42 71a0f69474600ff001395598327c86c9

( 4 imports )
> ntoskrnl.exe: IoGetDeviceInterfaces, KeQuerySystemTime, _allmul, KeResetEvent, ObfDereferenceObject, ObReferenceObjectByHandle, RtlQueryRegistryValues, DbgPrint, KeInitializeSemaphore, KeSetTimer, KeInitializeDpc, KeInitializeTimer, KeCancelTimer, IoFreeIrp, IoCancelIrp, IoInitializeIrp, KeInitializeEvent, RtlCompareMemory, IoBuildDeviceIoControlRequest, ZwClose, IoOpenDeviceRegistryKey, ZwOpenKey, PsTerminateSystemThread, ZwLoadDriver, IoGetDeviceObjectPointer, MmMapLockedPages, MmProbeAndLockPages, MmBuildMdlForNonPagedPool, IoAllocateMdl, _except_handler3, IoFreeMdl, MmUnlockPages, RtlAppendUnicodeToString, RtlWriteRegistryValue, ExAllocatePoolWithTag, KeSetEvent, KeWaitForSingleObject, IoSetDeviceInterfaceState, ExFreePool, PsCreateSystemThread, RtlInitUnicodeString, ZwQueryValueKey, ZwEnumerateKey, IoAllocateIrp, IofCallDriver
> HAL.dll: KfLowerIrql, KfRaiseIrql, KeGetCurrentIrql, KeStallExecutionProcessor
> STREAM.SYS: StreamClassDeviceNotification
> USBCAMD.SYS: USBCAMD_GetRegistryKeyValue, USBCAMD_SelectAlternateInterface, USBCAMD_DriverEntry, USBCAMD_AdapterReceivePacket, USBCAMD_ControlVendorCommand


16. C:\WINDOWS\system32\DRIVERS\WEMFX_AT.SYS

File size: 33536 bytes
MD5...: 25407685d7e10104ea7b8113bd2361f7
SHA1..: 16958e040e913897278c4fee6d7d3f7f244386bd
SHA256: 7bdb4b85f2fe5acff2ad628ceb27cc7140bf4520c0e599ff8bb4393df003ede3
SHA512: c5dbed7666aa82fc9e3c2aeb89ff9f75d3cc7f69d624fd9e54b8261bf7c2eec8
a101289c8e60a122797361e8814e8b0afc77910276c7c15e1c62a5c7a1dd499c
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x105f8
timedatestamp.....: 0x41b541da (Tue Dec 07 05:38:34 2004)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x6bf4 0x6c00 6.52 9e2fde9de8aa70cc54c92d3e4ad82f44
.rdata 0x6f00 0x1b4 0x200 3.92 60a4988d39dd4f1b56360a07e507ca3c
.data 0x7100 0x4c 0x80 1.15 13189e52ef213f0a732f1fe9902e51df
INIT 0x7180 0x700 0x700 5.20 a2c3d32a6eaea4285672947c829d84f7
.rsrc 0x7880 0x408 0x480 3.14 0f37bd67512a255430bb7dbb98e2e557
.reloc 0x7d00 0x600 0x600 6.22 6ac9fd9d4d043696f1aa26b3939f65ea

( 3 imports )
> ntoskrnl.exe: IoSetDeviceInterfaceState, IoRegisterDeviceInterface, IoInitializeTimer, KeInitializeSpinLock, IoAttachDeviceToDeviceStack, IoCreateDevice, IofCompleteRequest, _wcsnicmp, wcslen, PoRegisterDeviceForIdleDetection, IoStopTimer, IoDetachDevice, ExFreePool, IoDeleteDevice, KeSetEvent, InterlockedDecrement, ObfReferenceObject, ExAllocatePoolWithTag, RtlAnsiStringToUnicodeString, RtlInitAnsiString, sprintf, ZwClose, IoOpenDeviceRegistryKey, IoStartTimer, PoCallDriver, PoStartNextPowerIrp, RtlInitString, IoStartNextPacket, KeClearEvent, InterlockedIncrement, ExQueueWorkItem, IoStartPacket, IoCancelIrp, IoBuildSynchronousFsdRequest, IoReleaseCancelSpinLock, InterlockedExchange, IoAcquireCancelSpinLock, KeRemoveEntryDeviceQueue, ZwQueryValueKey, ZwSetValueKey, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, memmove, IoFreeMdl, MmBuildMdlForNonPagedPool, IoAllocateMdl, IoBuildPartialMdl, RtlInitUnicodeString, RtlUnicodeStringToAnsiString, RtlFreeUnicodeString, IoAllocateIrp, KeInitializeEvent, IofCallDriver, KeWaitForSingleObject, PoRequestPowerIrp, IoFreeIrp, _except_handler3
> HAL.dll: KfRaiseIrql, KfReleaseSpinLock, KfAcquireSpinLock, KfLowerIrql
> USBD.SYS: USBD_GetUSBDIVersion, _USBD_CreateConfigurationRequestEx@8, _USBD_ParseConfigurationDescriptorEx@28

18. 0 bytes size received / Se ha recibido un archivo vacio

Das CF Log ist ok, poste ein neues HJT Log.

Was für Email- Sammelprog ist denn zu empfehlen...?!
Und was mach ich jetzt wegen, mit den anderen Prog.´s wie cCleaner, SuperAntiSpyware, Malewarebytes...usw???!!
Hab schon 2 * gefragt....

eMail: Thunderbird, Eudora ggf. Outlook
SASW und MBAM sind OnDemand Scanner, die nur nach Bedarf scannen und nicht dauerhaft aktiv sind. Sie können daher im System verbleiben.
Zum Rest Deiner Anwednungen habe ich mich schon geäußert.
Bei derartiger Nutzung, ist es kein Wunder das Du derartige Probleme hast.

Wie idt der Status jetzt?

Na das sind ja mal schöne Nachrichten, das mal was OKay ist !!

Hab die restlichen deinstall und das ich Probleme hatte, ist doch nicht auf die Prog. zu führen. Die musste ich ja für die Viren und Maleware- bekämpfung laden.

Aber denke jetz passt´s !

Mein Status jetz, ist perfekt, keinerlei Meldungen mehr...
ABER...soll/ kann ich Antivir als permanenten Sacnner laufen lassen oder welches bietet sich eher?

Und was ist mit SpyBot, hatte ich ja auch ?!

Hier die neue HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

[edit]
bitte editiere zukünftig deine links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

danke
GUA
[/edit]

Meines Erachtens kannst Du diese Programme auf dem Rechner lassen (Spybot, MBAM SASW), sie laufen wie gesagt nicht aktiv mit (außer dem SDHelper und dem Teatimer, wenn aktiviert).
Die in meinen Augen kritischen Programme sind Deine torrent Tools. Sicher kann man damit auch ganz schön legale Downloads bekommen, aber die haben nicht derartige Auswirkungen aus das System.
Wenn jetzt alles ok, ist dann gut.
Dies noch:

Um Combofix zu loeschen(den qoobox ordner) gebe unter Start /Ausführen "combofix /u" ein. Ohne die " natürlich.

Alles klar, weis ich Bescheid.

Was für Torrent Tools, hab gar keine drauf...zumindest nicht bewusst !
Wie find ich das raus??

Und noch was, immer wenn ein Download beendet ist, kommt diese Meldung:

"Die CRC- Summe von NOTIFIER.EXE wurde verändert ! Dies könnte von einem Virus verursacht worden sein ! "

Was mach ich damit??
gibts ne Lösung...??

Zitat:

- emule
- Tor / Vidalia
- limewire

Diese

Aktualisiere Antivir, stelle es ein wie hier beschrieben und führe einen Systemscan durch. Das Log kannst Du dann hier posten.