Deckard's System Scanner v20071014.68
Run by Korhan on 2008-07-31 19:19:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2008-07-31 17:19:10 UTC - RP629 - Deckard's System Scanner Restore Point
2: 2008-07-26 17:34:21 UTC - RP628 - Systemprüfpunkt
1: 2008-07-24 12:57:35 UTC - RP627 - Systemprüfpunkt
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.75 GiB (less than 15%) free.
-- HijackThis (run as Korhan.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:37, on 31.07.2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
K:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
K:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
K:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
K:\Proggys\Alles Hilfsprogramme für PC und Audio\Nero 8\Nero BackItUp\NBService.exe
C:\Programme\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
E:\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programme\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
K:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\VM_STI.EXE
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
K:\Proggys\Spybot - Search & Destroy\TeaTimer.exe
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
K:\pando downloads\dss.exe
K:\Programme\HIJACK~1\Korhan.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Programme\YSIGet\YSIGet.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Programme\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - K:\Proggys\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {f5c93451-2609-4723-a053-5c19516be1a8} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "K:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoveWGA] O:\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketAppCenter.exe] "C:\Programme\Rocket Software\Rocket Mobile & Security Apps\MobileCenter.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] K:\Proggys\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Komfort-Wecker.lnk = E:\komfortwecker\KomfortWecker.exe
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: YSIGet it! - C:\Programme\YSIGet\wgbho.js
O8 - Extra context menu item: Zu &Windows Live Favorites hinzufügen - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - K:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - K:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - K:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: FanSpeedNT Service - Unknown owner - K:\Proggys\Alles Hilfsprogramme für PC und Audio\fanspeedNT.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - K:\Proggys\Alles Hilfsprogramme für PC und Audio\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 8242 bytes
-- HijackThis Fixed Entries (K:\Programme\HIJACK~1\backups\) -------------------
backup-20050531-135012-102 O1 - Hosts: 62.75.224.159 www.rg4.com
backup-20050531-135012-204 O1 - Hosts: 62.75.224.159 www.rg7.com
backup-20050531-135012-374 O1 - Hosts: 62.75.224.159 rg5.com
backup-20050531-135012-420 O1 - Hosts: 62.75.224.159 rg3.com
backup-20050531-135012-424 O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - J:\Programme\DAP\DAPBHO.dll
backup-20050531-135012-465 O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - J:\Programme\DAP\DAP.EXE
backup-20050531-135012-569 O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
backup-20050531-135012-582 O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - J:\\Proggys\\Preispiraten2\\preispiraten.html
backup-20050531-135012-596 O1 - Hosts: 62.75.224.159 rg8.com
backup-20050531-135012-615 O1 - Hosts: 62.75.224.159 rg6.com
backup-20050531-135012-683 O1 - Hosts: 62.75.224.159 rg2.com
backup-20050531-135012-706 O1 - Hosts: 62.75.224.159 www.rg3.com
backup-20050531-135012-739 O1 - Hosts: 62.75.224.159 www.rg6.com
backup-20050531-135012-785 O1 - Hosts: 62.75.224.159 2004CMS.com
backup-20050531-135012-864 O1 - Hosts: 62.75.224.159 www.rg2.com
backup-20050531-135012-877 O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://peter-heck.dyndns.org:8881/plugin/h263ctrl.cab
backup-20050531-135012-916 O1 - Hosts: 62.75.224.159 www.rg5.com
backup-20050531-135012-926 O1 - Hosts: 62.75.224.159 bns1.m7z.net
backup-20050531-135012-929 O1 - Hosts: 62.75.224.159 rg1.com
backup-20050531-135012-931 O1 - Hosts: 62.75.224.159 j.2004CMS.com
backup-20050531-135012-936 O1 - Hosts: 62.75.224.159 www.rg8.com
backup-20050531-135012-944 O1 - Hosts: 62.75.224.159 rg4.com
backup-20050531-135012-947 O1 - Hosts: 62.75.224.159 www.rg1.com
backup-20050531-135012-953 O1 - Hosts: 62.75.224.159 rg7.com
backup-20050531-135613-933 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
backup-20050601-205108-230 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
backup-20050601-205108-309 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
backup-20050601-205108-487 O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - J:\Proggys\Preispiraten2\preispiraten2ie.exe
backup-20050601-205108-494 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://J:\MICROS~1\Office10\EXCEL.EXE/3000
backup-20050601-205108-535 O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
backup-20050601-205108-851 O8 - Extra context menu item: Download &all with DAP - J:\Programme\DAP\dapextie2.htm
backup-20050601-205108-873 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
backup-20050601-205108-933 O8 - Extra context menu item: &Download with &DAP - J:\Programme\DAP\dapextie.htm
backup-20080728-141136-592 O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe (file missing)
backup-20080728-141136-695 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
backup-20080728-141136-823 O4 - HKLM\..\Run: [SMrhc321j0e3dn] C:\Programme\rhc321j0e3dn\rhc321j0e3dn.exe
backup-20080728-141137-115 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - K:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20080728-141137-249 O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
backup-20080728-141137-828 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20080728-144500-265 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080728-144500-391 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080728-144500-463 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080728-144500-722 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
backup-20080728-144500-867 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
backup-20080728-144500-870 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
backup-20080728-144501-376 O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
backup-20080728-144502-207 O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
backup-20080728-150056-865 O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} -
backup-20080728-150056-931 O2 - BHO: QXK Olive - {AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A} - C:\WINDOWS\nfavxwdbsxb.dll
backup-20080728-150057-685 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
backup-20080728-150059-955 O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} -
backup-20080728-150557-544 O2 - BHO: QXK Olive - {AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A} - C:\WINDOWS\nfavxwdbsxb.dll
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)>
R2 VMnetuserif (VMware Network Application Interface) - c:\windows\system32\drivers\vmnetuserif.sys <Not Verified; VMware, Inc.; VMware network application interface driver (32-bit)>
R2 VMparport (VMware VMparport) - c:\windows\system32\drivers\vmparport.sys <Not Verified; VMware, Inc.; VMware parallel port driver>
R2 vmx86 (VMware vmx86) - c:\windows\system32\drivers\vmx86.sys <Not Verified; VMware, Inc.; VMware kernel driver>
R2 vstor2 (Vstor2 Virtual Storage Driver) - c:\programme\gemeinsame dateien\vmware\vmware virtual image editing\vstor2.sys <Not Verified; VMware, Inc.; VMware Player>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 fspio - c:\windows\system32\drivers\fspio.sys
S3 MEMSWEEP2 - c:\windows\system32\9.tmp (file missing)
S3 NETFWDSL (AVM FRITZ!web DSL PPP) - c:\windows\system32\drivers\netfwdsl.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys (file missing)
S3 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
S3 TIAcxubt (D-Link WLAN USB Boot Device) - c:\windows\system32\drivers\tiacxubt.sys (file missing)
S3 TIACXUSB (D-Link AirPlus DWL-120+ Wireless USB Adapter) - c:\windows\system32\drivers\tiacxusb.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 aawservice (Ad-Aware 2007 Service) - "k:\programme\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Planer) - "k:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Nero BackItUp Scheduler 3 - k:\proggys\alles hilfsprogramme für pc und audio\nero 8\nero backitup\nbservice.exe
R2 VMAuthdService (VMware Authorization Service) - e:\vmware-authd.exe <Not Verified; VMware, Inc.; VMware Player>
R2 vmount2 (VMware Virtual Mount Manager Extended) - "c:\programme\gemeinsame dateien\vmware\vmware virtual image editing\vmount2.exe" <Not Verified; VMware, Inc.; VMware Player>
R2 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Player>
S2 FanSpeedNT Service - "k:\proggys\alles hilfsprogramme für pc und audio\fanspeednt.exe" (file missing)
S2 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Player>
S3 de_serv (AVM FRITZ!web Routing Service) - c:\programme\gemeinsame dateien\avm\de_serv.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-25 17:19:58 348 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-06-30 and 2008-07-31 -----------------------------
2008-07-31 18:21:56 0 dr-h----- C:\Dokumente und Einstellungen\Korhan\Recent
2008-07-29 19:45:25 0 d--hs---- C:\WINDOWS\CSC
2008-07-29 16:58:31 2128 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-29 16:58:03 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-29 16:58:03 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-29 16:58:03 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-29 16:58:03 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-29 16:58:03 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-29 16:58:03 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-29 16:58:03 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-29 16:58:02 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-29 16:57:58 0 d-------- C:\Dokumente und Einstellungen\Korhan\SmitfraudFix
2008-07-28 15:41:59 0 d-------- C:\WINDOWS\system32\system
2008-07-15 16:14:27 0 d-------- C:\WINDOWS\system32\msmq
2008-07-08 16:31:29 0 d-------- C:\Programme\MSECache
-- Find3M Report ---------------------------------------------------------------
2008-07-31 18:13:01 0 d-------- C:\Programme\Google
2008-07-29 17:24:20 0 d-------- C:\Dokumente und Einstellungen\Korhan\Anwendungsdaten\Malwarebytes
2008-07-27 13:39:38 0 d-------- C:\Dokumente und Einstellungen\Korhan\Anwendungsdaten\TmpRecentIcons
2008-07-26 21:17:06 0 d-------- C:\Dokumente und Einstellungen\Korhan\Anwendungsdaten\Skype
2008-07-26 20:44:42 0 d-------- C:\Dokumente und Einstellungen\Korhan\Anwendungsdaten\skypePM
2008-07-26 20:15:55 0 d-------- C:\Dokumente und Einstellungen\Korhan\Anwendungsdaten\U3
2008-07-24 14:45:23 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-18 12:22:16 91 --a----c- C:\WINDOWS\popcinfo.dat
2008-07-15 16:18:45 434528 --a------ C:\WINDOWS\system32\perfh007.dat
2008-07-15 16:18:45 81642 --a------ C:\WINDOWS\system32\perfc007.dat
2008-07-15 16:16:53 0 d-------- C:\Programme\Windows NT
2008-07-14 16:26:03 0 d-------- C:\Dokumente und Einstellungen\Korhan\Anwendungsdaten\Canon
2008-07-05 15:49:32 332104 --a------ C:\Dokumente und Einstellungen\Korhan\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-07-04 14:46:25 0 d-------- C:\Programme\Opera
2008-06-30 19:05:57 0 d-------- C:\Programme\Picasa2
2008-06-26 20:57:55 0 d-------- C:\Dokumente und Einstellungen\Korhan\Anwendungsdaten\BloodTies
2008-06-18 12:10:21 0 d-------- C:\Dokumente und Einstellungen\Korhan\Anwendungsdaten\Mozilla
2008-06-03 11:20:36 0 --a----c- C:\WINDOWS\system32\BWFAX
2008-05-08 18:29:21 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [10.05.2006 11:12]
"avgnt"="K:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [17.07.2008 20:21]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [09.06.2004 16:37]
"LWBMOUSE"="C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [26.03.2001 06:35]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [01.03.2007 15:57]
"RemoveWGA"="O:\RemoveWGA.exe" []
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [12.02.2008 16:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12.02.2008 16:55]
"RocketAppCenter.exe"="C:\Programme\Rocket Software\Rocket Mobile & Security Apps\MobileCenter.exe" [17.06.2005 11:06]
"SpybotSD TeaTimer"="K:\Proggys\Spybot - Search & Destroy\TeaTimer.exe" [31.05.2005 02:04]
C:\Dokumente und Einstellungen\Korhan\Startmenü\Programme\Autostart\
Komfort-Wecker.lnk - E:\komfortwecker\KomfortWecker.exe [12.10.2003 10:14:15]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
BitWare Print Monitor.lnk - C:\BITWARE\NT\bwprnmon.exe [21.11.2007 13:58:05]
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [13.02.2001 02:01:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeFaster]
K:\Proggys\BeFaster\befaster3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Programme\Pando Networks\Pando\Pando.exe" /Minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9fbce67-8229-11da-9d97-806d6172696f}]
AutoRun\command- L:\_isauto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9fbce71-8229-11da-9d97-806d6172696f}]
AutoRun\command- K:\setupSNK.exe
System Scanner: finished at 2008-07-31 19:22:30
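The post above is raw Deckard's System Scanner / HijackThis output with no explanation of how to read it. The following Python script is an added example, not part of the original post and not code from HijackThis or DSS: it parses the `Oxx - ...` entries from the HijackThis section and from the "Fixed Entries" backup list (the `backup-YYYYMMDD-HHMMSS-NNN` prefix is stripped), pulls out the file path each entry references, and applies a few mechanical checks a responder would otherwise do by eye: entries HijackThis already marks `(no file)` or `(file missing)`, O16 entries with no recorded source URL, Run values whose unquoted path contains spaces, a program started from a drive root, and a BHO DLL sitting directly in the Windows folder. The sample input is excerpted verbatim from the log above; the flag names and the checks themselves are this example's own, not HijackThis categories, and a flag is a prompt to look, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines excerpted verbatim from the HijackThis section and
# the "HijackThis Fixed Entries" backup list of the DSS log above. A real log has many
# more lines; the parser accepts a whole log and ignores lines that are not entries.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "K:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [RemoveWGA] O:\RemoveWGA.exe -startup
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} -
O23 - Service: FanSpeedNT Service - Unknown owner - K:\Proggys\Alles Hilfsprogramme für PC und Audio\fanspeedNT.exe (file missing)
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
backup-20080728-150056-931 O2 - BHO: QXK Olive - {AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A} - C:\WINDOWS\nfavxwdbsxb.dll
"""

# An entry is "<section code> - <body>", optionally preceded by the "backup-<date>-<time>-<n>"
# prefix that HijackThis puts in front of entries it has already fixed.
ENTRY_RE = re.compile(r"^(?:backup-\d{8}-\d{6}-\d+\s+)?(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")

# First Windows path in the body, quoted or not, ending in something the loader executes.
PATH_RE = re.compile(
    r'(?P<quote>"?)(?P<path>[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx|js|html?))\b', re.IGNORECASE
)


@dataclass
class Entry:
    code: str                    # HijackThis section, e.g. "O4"
    body: str                    # everything after "O4 - "
    path: Optional[str]          # referenced file, if any
    quoted: bool                 # was the path written in double quotes?
    flags: List[str] = field(default_factory=list)


def triage(line: str) -> Optional[Entry]:
    """Parse one log line and attach the mechanical checks below; None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    pm = PATH_RE.search(body)
    e = Entry(code, body, pm["path"] if pm else None, bool(pm and pm["quote"]))

    # HijackThis itself says the target is gone: a dangling registry reference.
    if "(no file)" in body or "(file missing)" in body:
        e.flags.append("orphan")
    # O16 (Downloaded Program Files / ActiveX) with nothing after the final " -":
    # no recorded origin URL for the control.
    if code == "O16" and body.endswith("-"):
        e.flags.append("no-source-url")
    if e.path:
        parts = e.path.split("\\")
        if len(parts) == 2:
            # "O:\RemoveWGA.exe": started straight from a drive root, no product folder.
            e.flags.append("drive-root")
        if len(parts) == 3 and parts[1].lower() == "windows" and parts[2].lower().endswith(".dll"):
            # A BHO DLL sitting directly in %WINDIR% rather than under a product directory.
            e.flags.append("dll-in-windows-root")
        if code == "O4" and " " in e.path and not e.quoted:
            # Unquoted Run value with spaces: CreateProcess tries each space-delimited
            # prefix first (C:\Programme\Browser.exe, ...), so a planted file there wins.
            e.flags.append("unquoted-spaced-path")
    return e


def triage_log(text: str) -> List[Entry]:
    return [e for e in map(triage, text.splitlines()) if e is not None]


def report(entries: List[Entry]) -> List[str]:
    """One line per flagged entry: code, flags, and the path (or body when no path)."""
    return [f"{e.code} [{', '.join(e.flags)}] {e.path or e.body}" for e in entries if e.flags]


if __name__ == "__main__":
    for line in report(triage_log(SAMPLE_LOG)):
        print(line)
```

Run it against the sample and seven of the eleven entries come back flagged; the `drive-root` check would also fire on `E:\vmware-authd.exe` from the O23 list above, which shows why the output is a worklist rather than a classification: the same mechanical property covers a legitimate VMware component and a tool someone started from a removable drive, and only context separates them.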