Trojaner-Board (https://www.trojaner-board.de/)
Forum: Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: I have a virus problem, please help! (https://www.trojaner-board.de/51759-habe-virenproblem-bitte-um-hilfe.html)

VincenzoSap 22.04.2008 15:41

I have a virus problem, please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:53, on 22.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kzinwret\upobwvgh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\BearShare\BearShare.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\vsnp2std.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\LClock\lclock.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\shczengx.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Programme\EA SPORTS\FUSSBALL MANAGER 08\Manager08.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\3616\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\3616\toolbaru.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: dpevflbg - {859D10F7-0E0F-43A8-8DF7-EC0466A40301} - C:\WINDOWS\dpevflbg.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [b481694e] rundll32.exe "C:\WINDOWS\system32\hdpirvqt.dll",b
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LClock] C:\Programme\LClock\lclock.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [gnkcvnzj] C:\WINDOWS\system32\shczengx.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKLM\..\Policies\Explorer\Run: [6anLld3drR] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kzinwret\upobwvgh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: CoreCenter.lnk = C:\Programme\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204741115538
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe

--
End of file - 8841 bytes

Sabina 22.04.2008 15:54

Hello VincenzoSap

1.
Run CCleaner
CCleaner

2.
Delete ("fix") with HijackThis:
Click "Do a system scan only",
put a check in the box in front of each of the entries listed below,
choose "Fix checked", and restart the computer.

Quote:

O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)

O3 - Toolbar: dpevflbg - {859D10F7-0E0F-43A8-8DF7-EC0466A40301} - C:\WINDOWS\dpevflbg.dll (file missing)

O4 - HKLM\..\Run: [b481694e] rundll32.exe "C:\WINDOWS\system32\hdpirvqt.dll",b

O4 - HKCU\..\Run: [gnkcvnzj] C:\WINDOWS\system32\shczengx.exe

O4 - HKLM\..\Policies\Explorer\Run: [6anLld3drR] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kzinwret\upobwvgh.exe

O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

3.
Run ComboFix (dismiss the warning message) and post the report here
combofix
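
The triage in the reply above can be written down as rules and run over the log. The following Python is an added example, not code from the thread, from HijackThis or from the forum helper: the log lines embedded in it are copied from the posted HijackThis log, while the rules, the thresholds (stems of eight or more letters with at most one vowel per four letters, alphanumeric value names of eight or more characters) and the reason strings are assumptions of this example.

```python
"""Rule-based triage of HijackThis (HJT) log lines.

Added example, not part of the forum thread: it encodes as simple rules the
reasoning behind the reply above (orphaned toolbar registrations, the
rundll32 loader with a random DLL name, the random-named Run values, the
Policies\\Explorer\\Run autostart and the Mirar Trusted Zone entries).  The
sample lines are copied from the log posted in this thread; the rules,
thresholds and reason strings are this example's own assumptions.
"""
import re

# Constructed subset of the posted HijackThis log.  Legitimate entries (ATI,
# HP, the Sonix webcam tool, ctfmon, Nero) are kept so the rules can be seen
# to leave them alone.
SAMPLE_LOG = r"""
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: dpevflbg - {859D10F7-0E0F-43A8-8DF7-EC0466A40301} - C:\WINDOWS\dpevflbg.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [b481694e] rundll32.exe "C:\WINDOWS\system32\hdpirvqt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gnkcvnzj] C:\WINDOWS\system32\shczengx.exe
O4 - HKLM\..\Policies\Explorer\Run: [6anLld3drR] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kzinwret\upobwvgh.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
MODULE_RE = re.compile(r"([\w~-]+)\.(?:exe|dll|com)\b", re.IGNORECASE)
SHARED_APPDATA_RE = re.compile(r"\\All Users\\(?:Anwendungsdaten|Application Data)\\")
VOWELS = set("aeiou")


def random_letters(stem: str) -> bool:
    """Assumed heuristic for dropper-style names: eight or more lowercase
    letters with at most one vowel per four letters.  gnkcvnzj, shczengx,
    hdpirvqt and upobwvgh match; ctfmon, jusched, CLIStart and hpztsb09 do not."""
    return (len(stem) >= 8 and stem.isalpha() and stem.islower()
            and 4 * sum(c in VOWELS for c in stem) <= len(stem))


def random_value_name(name: str) -> bool:
    """Registry value names such as b481694e or 6anLld3drR: eight or more
    characters, letters and digits only, both kinds present; or random_letters()."""
    mixed = (len(name) >= 8 and name.isalnum()
             and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))
    return mixed or random_letters(name)


def triage(log: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for every log line that trips a rule.
    A line can appear several times with different reasons."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        # O2/O3: a BHO or toolbar whose DLL is gone is leftover adware wiring.
        if line.startswith(("O2 ", "O3 ")) and "(file missing)" in line:
            reasons.append("orphaned BHO/toolbar registration")
        # O15: sites in IE's Trusted Zone get relaxed security settings; on a
        # home machine such additions are almost always adware-installed.
        if line.startswith("O15 "):
            reasons.append("Trusted Zone addition")
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.group("hive", "name", "cmd")
            # Policies\Explorer\Run is honoured like Run but rarely used by
            # legitimate installers, which makes it a favourite of droppers.
            if "Policies\\Explorer\\Run" in hive:
                reasons.append("Policies\\Explorer\\Run autostart")
            if random_value_name(name):
                reasons.append(f"random value name [{name}]")
            for stem in MODULE_RE.findall(cmd):
                if random_letters(stem):
                    reasons.append(f"random module name {stem}")
            if SHARED_APPDATA_RE.search(cmd):
                reasons.append("executable under All Users application data")
        findings.extend((reason, line) for reason in reasons)
    return findings


def flagged_lines(log: str) -> list[str]:
    """Distinct flagged lines in log order, i.e. the candidate HJT 'fix' list."""
    seen: list[str] = []
    for _, line in triage(log):
        if line not in seen:
            seen.append(line)
    return seen


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:45} {line[:75]}")
```

On the sample the rules flag exactly the seven lines the reply quotes for fixing (the two orphaned toolbars, the rundll32 loader, the two random-named Run values and the two Trusted Zone entries shown) and leave the ATI, HP, Sonix, ctfmon and Nero entries alone. The rules are a triage aid, not a verdict: a name like vsnp2std only survives because digits are excluded from the letter rule, so anything flagged should still be cross-checked against the "Running processes" section, where in this log both shczengx.exe and upobwvgh.exe appear as live processes.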

VincenzoSap 22.04.2008 17:35

ComboFix 08-04-20.5 - Vincenzo Saputo 2008-04-22 18:28:40.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1585 [GMT 2:00]
Running from: C:\Dokumente und Einstellungen\Vincenzo Saputo\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programme\akl
C:\Programme\akl\akl.dll
C:\Programme\akl\akl.exe
C:\Programme\akl\uninstall.exe
C:\Programme\akl\unsetup.exe
C:\Programme\Inet Delivery
C:\Programme\Inet Delivery\inetdl.exe
C:\Programme\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
---- Previous Run -------
.
C:\Programme\akl
C:\Programme\Inet Delivery
C:\Programme\PlayMP3z
C:\Programme\PlayMP3z\PlayMP3.exe
C:\Programme\PlayMP3z\uninstall.exe
C:\WINDOWS\a.bat
C:\WINDOWS\mslagent
C:\WINDOWS\system32\baJRuBeg.ini
C:\WINDOWS\system32\baJRuBeg.ini2
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\ddcCTnKc.dll
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\geBuRJab.dll
C:\WINDOWS\system32\hdpirvqt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\tqvripdh.ini

.
((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))
.

2008-04-22 17:30 . 2008-04-22 17:30 98,304 --a------ C:\WINDOWS\system32\tmngvkpy.exe
2008-04-22 17:30 . 2008-04-22 17:30 4,096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-04-22 17:20 . 2008-04-22 17:20 98,304 --a------ C:\WINDOWS\system32\lojyhslc.exe
2008-04-22 16:26 . 2008-04-22 16:26 <DIR> d-------- C:\Programme\Trend Micro
2008-04-22 16:14 . 2008-04-22 16:15 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-04-22 16:14 . 2008-04-22 16:14 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Malwarebytes
2008-04-22 16:14 . 2008-04-22 16:14 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-04-21 22:09 . 2008-04-21 22:09 16,923 --ahs---- C:\WINDOWS\system32\xaaIlnpo.ini
2008-04-21 22:07 . 2008-04-21 22:07 272,896 --a------ C:\WINDOWS\system32\opnlIaax.dll.vir
2008-04-21 22:05 . 2008-04-21 22:10 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-04-21 22:03 . 2008-04-21 22:03 <DIR> d-------- C:\Programme\Trojan Remover
2008-04-21 22:03 . 2008-04-21 22:03 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Simply Super Software
2008-04-21 22:03 . 2008-04-21 22:03 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
2008-04-21 22:03 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-21 22:03 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-21 22:03 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-21 22:03 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-21 22:03 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-04-21 21:15 . 2008-04-21 21:15 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kzinwret
2008-04-16 19:51 . 2008-04-16 19:51 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Apple Computer
2008-04-16 18:55 . 2008-04-20 10:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-16 18:55 . 2008-04-16 18:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 21:32 . 2008-04-22 15:44 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\temp
2008-04-15 21:08 . 2008-04-15 21:08 <DIR> d-------- C:\Programme\QuickTime
2008-04-15 21:08 . 2008-04-15 21:08 <DIR> d-------- C:\Programme\Apple Software Update
2008-04-15 21:08 . 2008-04-15 21:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-04-15 21:08 . 2008-04-15 21:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-04-14 22:18 . 2008-04-14 22:18 <DIR> d-------- C:\Programme\Pineapple Works
2008-04-13 16:10 . 2008-04-13 16:10 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2008-04-13 16:08 . 2008-04-13 16:08 <DIR> d-------- C:\Programme\Yahoo!
2008-04-13 16:08 . 2008-04-13 16:08 <DIR> d-------- C:\Programme\CCleaner
2008-04-06 18:49 . 2008-04-15 20:44 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-04-05 09:28 . 2008-04-05 09:28 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\Ahead
2008-04-01 20:57 . 2008-04-01 20:57 <DIR> d-------- C:\Programme\SopCast
2008-03-31 20:13 . 2008-03-31 20:13 <DIR> d-------- C:\WINDOWS\OvtCam
2008-03-31 19:56 . 2003-10-15 17:52 307,200 --a------ C:\WINDOWS\vidcap32.exe
2008-03-31 19:56 . 2003-10-15 17:52 200,704 --a------ C:\WINDOWS\sel3110.exe
2008-03-31 19:56 . 2003-10-15 17:52 174,530 --a------ C:\WINDOWS\system32\drivers\ov519vid.sys
2008-03-31 19:56 . 2003-10-15 17:52 135,168 --a------ C:\WINDOWS\ov519cap.exe
2008-03-31 19:56 . 2003-10-15 17:52 61,440 --a------ C:\WINDOWS\ov519dib.dll
2008-03-31 19:56 . 2003-10-15 17:52 40,960 --a------ C:\WINDOWS\system32\ov519ext.dll
2008-03-31 19:56 . 2003-10-15 17:52 40,960 --a------ C:\WINDOWS\CleanDev.exe
2008-03-31 19:56 . 2003-10-15 17:52 25,211 --a------ C:\WINDOWS\system32\drivers\ov519cmd.sys
2008-03-31 19:56 . 2003-10-15 17:52 25,099 --a------ C:\WINDOWS\system32\ov519ext.ax
2008-03-31 19:56 . 2003-10-15 17:52 16,426 --a------ C:\WINDOWS\system32\ov519usd.dll
2008-03-31 19:51 . 2008-03-31 19:51 <DIR> d-------- C:\Programme\Ahead
2008-03-30 21:13 . 2008-03-30 21:13 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\AVS4YOU
2008-03-30 21:13 . 2008-03-30 21:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
2008-03-30 21:12 . 2008-03-30 21:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2008-03-30 21:12 . 2008-03-30 21:13 <DIR> d-------- C:\Programme\AVS4YOU
2008-03-30 21:04 . 2008-03-30 21:04 <DIR> d-------- C:\Programme\Xilisoft
2008-03-30 21:04 . 2005-11-21 07:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-03-30 21:04 . 2005-11-21 07:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-03-30 00:25 . 2004-08-04 01:58 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-30 00:25 . 2004-08-04 01:58 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-03-30 00:25 . 2004-08-04 00:58 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-03-30 00:25 . 2004-08-04 00:58 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-03-30 00:25 . 2004-08-04 00:57 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-30 00:25 . 2004-08-04 00:57 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-30 00:25 . 2004-08-04 00:58 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-30 00:25 . 2004-08-04 00:58 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-29 14:07 . 2008-03-29 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\DirectX
2008-03-29 14:06 . 2008-03-29 14:06 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Support
2008-03-29 14:06 . 2008-03-29 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\data
2008-03-29 14:06 . 2008-03-29 14:06 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Autorun
2008-03-29 14:06 . 2008-03-29 14:06 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\alocale
2008-03-29 14:06 . 2008-03-07 16:40 5,423,104 --a------ C:\Dokumente und Einstellungen\Vincenzo Saputo\EURO08.exe
2008-03-29 14:06 . 2008-03-13 20:26 1,784,320 --a------ C:\Dokumente und Einstellungen\Vincenzo Saputo\autorun.dat
2008-03-29 14:06 . 2008-01-28 12:54 397,312 -ra------ C:\Dokumente und Einstellungen\Vincenzo Saputo\AutoRun.exe
2008-03-29 14:06 . 2008-01-28 12:54 380,928 -ra------ C:\Dokumente und Einstellungen\Vincenzo Saputo\EASetup.exe
2008-03-29 14:06 . 2008-03-07 16:35 21,060 --a------ C:\Dokumente und Einstellungen\Vincenzo Saputo\config.dat
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 20:55 . 2008-04-21 21:50 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-28 15:00 . 2008-03-28 15:00 1,024 --ah----- C:\Dokumente und Einstellungen\Default User\NtUser.dat.LOG
2008-03-28 14:59 . 2008-03-28 14:59 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Ahead
2008-03-28 14:57 . 2008-03-28 14:57 <DIR> d-------- C:\Programme\Nero
2008-03-28 14:57 . 2008-03-28 15:00 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2008-03-28 14:57 . 2008-03-28 14:57 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-03-28 02:09 . 2008-03-28 02:09 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\MY_STAMPS
2008-03-28 02:09 . 2008-03-28 11:46 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\MY_BKG
2008-03-28 02:09 . 2008-04-05 09:28 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Meine_Bilder
2008-03-28 02:09 . 2008-03-28 11:30 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Meine_Ausweise
2008-03-26 15:54 . 2008-03-26 15:54 <DIR> d-------- C:\Programme\MSXML 4.0
2008-03-26 14:29 . 2008-04-22 15:29 <DIR> d-------- C:\Programme\NavigationAdvisor
2008-03-25 23:28 . 2008-03-25 23:29 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\Teleca
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Programme\Sony Ericsson
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared
2008-03-25 19:08 . 2008-03-25 19:09 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Teleca
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Documents
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson
2008-03-25 19:07 . 2008-03-25 19:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-25 19:07 . 2008-03-25 19:07 6,176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys
2008-03-25 19:07 . 2008-03-25 19:07 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-25 19:07 . 2008-03-25 19:07 5,808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys
2008-03-25 19:07 . 2008-03-25 19:07 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
13 File(s) . 101,138,959 C:\ComboFix\Bytes
4 File(s) . 3,409,216 C:\ComboFix\Bytes
2 File(s) . 238,592 C:\ComboFix\Bytes
1 File(s) . 390,017 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 15:10 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ICQ
2008-04-22 13:29 --------- d-----w C:\Programme\EA SPORTS
2008-04-21 19:15 114,688 ----a-w C:\WINDOWS\system32\shczengx.exe
2008-04-21 19:15 1,871 ----a-w C:\WINDOWS\Web\def.htm.vir
2008-04-21 13:55 --------- d-----w C:\Programme\ContextProgram
2008-04-21 11:48 94,208 ----a-w C:\WINDOWS\olgdqarf.exe.vir
2008-04-21 11:48 81,920 ----a-w C:\WINDOWS\wxvgsdbq.exe.vir
2008-04-21 11:48 217,088 ----a-w C:\WINDOWS\wdpoefan.dll.vir
2008-04-21 11:48 212,992 ----a-w C:\WINDOWS\qnmargolxpg.dll.vir
2008-04-21 11:48 188,416 ----a-w C:\WINDOWS\vadokmxt.dll.vir
2008-04-21 11:48 155,648 ----a-w C:\WINDOWS\dpevflbg.dll.vir
2008-04-21 11:11 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\ICQ
2008-04-11 17:26 --------- d-----w C:\Programme\ICQLite
2008-04-09 12:17 --------- d-----w C:\Programme\ICQ6
2008-03-27 20:44 --------- d-----w C:\Programme\FBrowsingAdvisor
2008-03-26 12:29 --------- d-----w C:\Programme\FBrowserAdvisor
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 14:59 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\DivX
2008-03-19 10:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-19 10:12 --------- d--h--r C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\SecuROM
2008-03-19 10:01 --------- d-----w C:\Programme\Fifa Master
2008-03-18 20:01 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\mIRC
2008-03-18 20:00 --------- d-----w C:\Programme\mIRC
2008-03-18 18:36 --------- d-----w C:\Programme\PPLive
2008-03-18 18:35 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\PPLive
2008-03-18 11:15 --------- d-----w C:\Programme\Gemeinsame Dateien\ScanSoft Shared
2008-03-18 11:13 --------- d-----w C:\Programme\TextBridge Pro 9.0
2008-03-18 11:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
2008-03-18 11:03 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-18 11:03 --------- d-----w C:\Programme\Ulead Systems
2008-03-15 09:12 --------- d-----w C:\Programme\UberIcon
2008-03-15 09:10 --------- d-----w C:\Programme\LClock
2008-03-15 09:09 --------- d-----w C:\Programme\Vista Drive Icon
2008-03-13 17:36 --------- d-----w C:\Programme\ICQToolbar
2008-03-13 17:36 --------- d-----w C:\Programme\ICQ618_35_47
2008-03-13 17:35 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\InstallShield
2008-03-13 17:07 --------- d-----w C:\Programme\Windows Media Connect 2
2008-03-11 21:45 --------- d-----w C:\Programme\Gemeinsame Dateien\snp2std
2008-03-11 21:44 --------- d-----w C:\Programme\Gemeinsame Dateien\ArcSoft
2008-03-11 21:44 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ArcSoft
2008-03-11 21:43 --------- d-----w C:\Programme\ArcSoft
2008-03-11 12:31 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-03-10 19:53 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\DivX
2008-03-10 19:52 --------- d-----w C:\Programme\DivX
2008-03-08 22:45 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Azureus
2008-03-08 18:38 --------- d-----w C:\Programme\Microsoft Silverlight
2008-03-08 17:08 --------- d-----w C:\Programme\Azureus
2008-03-08 09:00 --------- d-----w C:\Programme\Google
2008-03-07 21:50 --------- d-----w C:\Programme\Java
2008-03-07 21:50 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2008-03-07 17:23 380,928 ----a-w C:\WINDOWS\system32\WinNB58.dll.vir
2008-03-07 17:16 --------- dcsh--w C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-03-07 17:16 --------- d-----w C:\Programme\Windows Live Toolbar
2008-03-07 17:16 --------- d-----w C:\Programme\Windows Live Favorites
2008-03-07 13:45 --------- d-----w C:\Programme\Windows Live
2008-03-07 13:45 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-03-07 13:42 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\ICQ Toolbar
2008-03-07 13:28 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\ICQLite
2008-03-07 13:26 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\ATI
2008-03-07 13:11 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
2008-03-07 13:08 --------- d-----w C:\Programme\IVT Corporation
2008-03-06 14:26 --------- d-----w C:\Programme\Microsoft Works
2008-03-06 14:20 --------- d-----w C:\Programme\Microsoft Works Suite 2003
2008-03-05 22:03 --------- d-----w C:\Programme\BearShare
2008-03-05 20:03 65,143 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-05 20:03 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-05 20:03 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-05 19:31 --------- d-----w C:\Programme\DIFX
2008-03-05 19:30 --------- d-----w C:\Programme\Realtek
2008-03-05 19:10 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\InstallShield
2008-03-05 19:06 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ICQ Toolbar
2008-03-05 19:03 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ICQLite
2008-03-05 18:26 --------- d-----w C:\Programme\RegCleaner
2008-03-05 18:05 --------- d-----w C:\Programme\MSI
2008-03-05 17:58 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\ATI
2008-03-05 17:55 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ATI
2008-03-05 17:53 --------- d-----w C:\Programme\ATI Technologies
2008-03-05 17:52 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-03-05 17:52 --------- d-----w C:\Programme\Gemeinsame Dateien\ATI Technologies
2008-03-05 17:32 --------- d-----w C:\Programme\microsoft frontpage
2008-03-05 17:31 --------- d-----w C:\Programme\Online-Dienste
2008-03-05 17:30 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-22_17.22.48.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 15:19:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 15:30:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\anticipator.dll
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\anticipator.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\awtoolb.dll
+ 2008-04-22 15:30:39 4,096 ----a-w C:\WINDOWS\system32\awtoolb.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\bdn.com
+ 2008-04-22 15:30:39 4,096 ----a-w C:\WINDOWS\system32\bdn.com
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\dpcproxy.exe
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\dpcproxy.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\h@tkeysh@@k.dll
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\h@tkeysh@@k.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\hoproxy.dll
+ 2008-04-22 15:30:42 4,096 ----a-w C:\WINDOWS\system32\hoproxy.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\hxiwlgpm.dat
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\hxiwlgpm.dat
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\hxiwlgpm.exe
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\hxiwlgpm.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\medup012.dll
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\medup012.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\medup020.dll
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\medup020.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\msgp.exe
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\msgp.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\msnbho.dll
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\msnbho.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\mssecu.exe
+ 2008-04-22 15:30:39 4,096 ----a-w C:\WINDOWS\system32\mssecu.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\msvchost.exe
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\msvchost.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\mtr2.exe
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\mtr2.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\mwin32.exe
+ 2008-04-22 15:30:42 4,096 ----a-w C:\WINDOWS\system32\mwin32.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\netode.exe
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\netode.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\newsd32.exe
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\newsd32.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\ps1.exe
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\ps1.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\psof1.exe
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\psof1.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\psoft1.exe
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\psoft1.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\regc64.dll
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\regc64.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\regm64.dll
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\regm64.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\Rundl1.exe
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\Rundl1.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\smp\msrc.exe
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\smp\msrc.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\sncntr.exe
+ 2008-04-22 15:30:42 4,096 ----a-w C:\WINDOWS\system32\sncntr.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\ssurf022.dll
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\ssurf022.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\ssvchost.com
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\ssvchost.com
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\ssvchost.exe
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\ssvchost.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\sysreq.exe
+ 2008-04-22 15:30:39 4,096 ----a-w C:\WINDOWS\system32\sysreq.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\taack.dat
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\taack.dat
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\taack.exe
+ 2008-04-22 15:30:41 4,096 ----a-w C:\WINDOWS\system32\taack.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\temp#01.exe
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\temp#01.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\thun.dll
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\thun.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\thun32.dll
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\thun32.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\vbsys2.dll
+ 2008-04-22 15:30:39 4,096 ----a-w C:\WINDOWS\system32\vbsys2.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\vcatchpi.dll
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\vcatchpi.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\winlogonpc.exe
+ 2008-04-22 15:30:42 4,096 ----a-w C:\WINDOWS\system32\winlogonpc.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\winsystem.exe
+ 2008-04-22 15:30:40 4,096 ----a-w C:\WINDOWS\system32\winsystem.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\WINDOWS\system32\WINWGPX.EXE
+ 2008-04-22 15:30:39 4,096 ----a-w C:\WINDOWS\system32\WINWGPX.EXE
.
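
The "+"/"-" block above is ComboFix's snapshot comparison: "-" lines are files as seen in the earlier snapshot, "+" lines the files present now. Two things stand out in it: every "-" path comes straight back as a "+", and every recreated file is exactly 4,096 bytes and was written between 15:30:39 and 15:30:42, which is how a dropper rewriting its stub files in one batch looks in such a listing. The following Python is an added example, not part of this thread and not ComboFix code; it parses lines in that format, lists the paths that were removed and re-created, and groups same-size files written within seconds of each other. The sample is a copy of a few lines from the log above plus one constructed benign line; the 5-second window and the 3-file minimum are assumptions chosen for illustration.

```python
"""Triage of ComboFix snapshot-diff lines ('+' = present in the new
snapshot, '-' = present in the old one).

Added example, not part of this thread and not ComboFix code. The sample
lines are copied from the log above, plus one constructed benign line so
the clustering has something to leave alone. The 5-second window and the
3-file minimum are assumptions chosen for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One diff line: op, timestamp, size with thousands separators, attribute flags, path.
LINE_RE = re.compile(
    r"^([+-]) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([\d,]+) (\S+) (.+)$"
)

# Lines 1-9 copied from the ComboFix log; the last line is constructed.
SAMPLE = """\
+ 2008-04-22 15:30:41 4,096 ----a-w C:\\WINDOWS\\system32\\hxiwlgpm.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\\WINDOWS\\system32\\medup012.dll
+ 2008-04-22 15:30:41 4,096 ----a-w C:\\WINDOWS\\system32\\medup012.dll
- 2008-04-21 19:15:53 4,096 ----a-w C:\\WINDOWS\\system32\\msgp.exe
+ 2008-04-22 15:30:40 4,096 ----a-w C:\\WINDOWS\\system32\\msgp.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\\WINDOWS\\system32\\mssecu.exe
+ 2008-04-22 15:30:39 4,096 ----a-w C:\\WINDOWS\\system32\\mssecu.exe
- 2008-04-21 19:15:53 4,096 ----a-w C:\\WINDOWS\\system32\\WINWGPX.EXE
+ 2008-04-22 15:30:39 4,096 ----a-w C:\\WINDOWS\\system32\\WINWGPX.EXE
+ 2008-04-22 22:27:10 307,968 ----a-w C:\\WINDOWS\\system32\\example_benign.exe
"""


def parse(text):
    """Return one dict per diff line; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        op, ts, size, attrs, path = m.groups()
        entries.append({
            "op": op,
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def recreated(entries):
    """Paths that were removed ('-') and written again ('+'): the earlier
    cleanup did not reach the component that drops them. Paths are
    lower-cased because the Windows file system is case-insensitive."""
    removed = {e["path"].lower() for e in entries if e["op"] == "-"}
    added = {e["path"].lower() for e in entries if e["op"] == "+"}
    return removed & added


def drop_clusters(entries, window=timedelta(seconds=5), min_files=3):
    """Group '+' entries of identical size whose timestamps lie within
    `window` of the previous member. Several same-size files written
    seconds apart is the footprint of one batch write by a dropper."""
    by_size = defaultdict(list)
    for e in entries:
        if e["op"] == "+":
            by_size[e["size"]].append(e)
    clusters = []
    for group in by_size.values():
        group.sort(key=lambda e: e["ts"])
        current = [group[0]]
        for e in group[1:]:
            if e["ts"] - current[-1]["ts"] <= window:
                current.append(e)
            else:
                if len(current) >= min_files:
                    clusters.append(current)
                current = [e]
        if len(current) >= min_files:
            clusters.append(current)
    return clusters


if __name__ == "__main__":
    entries = parse(SAMPLE)
    for p in sorted(recreated(entries)):
        print("recreated:", p)
    for cluster in drop_clusters(entries):
        first, last = cluster[0]["ts"], cluster[-1]["ts"]
        print(f"{len(cluster)} files of {cluster[0]['size']} bytes written "
              f"between {first:%H:%M:%S} and {last:%H:%M:%S}")
        for e in cluster:
            print("   ", e["path"])
```

Run against the full "+"/"-" block of the post it reports one cluster of 4,096-byte files and flags every path in it as recreated; the constructed 307,968-byte line stays out of the cluster because nothing of that size was written near it.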

Sabina 22.04.2008 22:53

Hello,

gvkiller
GV Killer

Double-click GV-Killer and a text editor will open.
Paste the following into it:

Code:

C:\WINDOWS\system32\tmngvkpy.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\lojyhslc.exe
C:\WINDOWS\system32\xaaIlnpo.ini
C:\WINDOWS\system32\opnlIaax.dll.vir
C:\WINDOWS\system32\WinNB58.dll.vir
C:\WINDOWS\olgdqarf.exe.vir
C:\WINDOWS\wxvgsdbq.exe.vir
C:\WINDOWS\wdpoefan.dll.vir
C:\WINDOWS\qnmargolxpg.dll.vir
C:\WINDOWS\vadokmxt.dll.vir
C:\WINDOWS\dpevflbg.dll.vir
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kzinwret

Save the data (Save as...)
input.txt - Save
Click "Kill on reboot" and let the computer restart.

http://virus-protect.org/artikel/bilder/gv2.png

Then please post a new ComboFix log - but please the complete one, not just half of it....

VincenzoSap 23.04.2008 14:48

Logfile GV_Killer_01.txt v7.0.7 - Copyright © GV_Soft Guido Vaesen
Report date: 23.04.2008 15:45:45 log by Vincenzo Saputo, Administrator of this computer
Platform: Windows XP Home SP2 DEU Normal mode

BEGIN Scheduled tasks-----------------------------------------------------------------
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
END Scheduled tasks-----------------------------------------------------------------


List of Notify keys--------------------------------------------------------------------
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
AtiExtEvent Ati2evxx.dll
End of Notify keys--------------------------------------------------------------------

Explanation of error codes----------------------------------------------------------------
code 00 : File was deleted.
code 53 : File or folder was not found on your PC.
code 70 : File was in use.
code 75 : Services are still loaded or file in use.
code M0 : Folder was deleted.
code ML : Folder was completely emptied.
code MN : Folder was not found on your PC, was not emptied.
code MV : Folder was not found on your PC, was not deleted.
code K0 : Registry key was deleted.
End of error codes--------------------------------------------------------------------

BEGIN Contents of Input.txt-----------------------------------------------------------
C:\WINDOWS\system32\tmngvkpy.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\lojyhslc.exe
C:\WINDOWS\system32\xaaIlnpo.ini
C:\WINDOWS\system32\opnlIaax.dll.vir
C:\WINDOWS\system32\WinNB58.dll.vir
C:\WINDOWS\olgdqarf.exe.vir
C:\WINDOWS\wxvgsdbq.exe.vir
C:\WINDOWS\wdpoefan.dll.vir
C:\WINDOWS\qnmargolxpg.dll.vir
C:\WINDOWS\vadokmxt.dll.vir
C:\WINDOWS\dpevflbg.dll.vir
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kzinwret
END Contents of Input.txt-----------------------------------------------------------

00 C:\WINDOWS\system32\tmngvkpy.exe
00 C:\WINDOWS\system32\akttzn.exe
53 C:\WINDOWS\system32\lojyhslc.exe
00 C:\WINDOWS\system32\xaaIlnpo.ini
00 C:\WINDOWS\system32\opnlIaax.dll.vir
00 C:\WINDOWS\system32\WinNB58.dll.vir
00 C:\WINDOWS\olgdqarf.exe.vir
00 C:\WINDOWS\wxvgsdbq.exe.vir
00 C:\WINDOWS\wdpoefan.dll.vir
00 C:\WINDOWS\qnmargolxpg.dll.vir
00 C:\WINDOWS\vadokmxt.dll.vir
00 C:\WINDOWS\dpevflbg.dll.vir
M0 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kzinwret

;4555372-OEM-0041513-35967=S0MQJ1GP50212645

;END GV_Killer ---------------------------------------------------------------------
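
GV_Killer reports one result code per Input.txt entry, using the table it prints in its own log header; in the run above every entry came back as 00 or M0 (deleted) except lojyhslc.exe, which returned 53 (not found). The following Python is an added example, not part of this thread and not GV_Killer code; it decodes such a result block and splits the entries into done, locked (codes 70/75, the ones to put back into Input.txt for a "Kill on reboot" pass) and not found (which should be re-checked against the HijackThis or ComboFix listing rather than assumed gone). The sample is an excerpt of the log above plus one constructed line with code 70 so the locked-file case is exercised.

```python
"""Decode the result block of a GV_Killer log (the 'CODE path' lines that
follow the Input.txt echo in the log above).

Added example, not part of this thread and not GV_Killer code. The code
table is the one GV_Killer prints in its own Errorcodes section; the
sample is an excerpt of the posted log plus one constructed '70' line.
"""
import re

# GV_Killer's own result codes, as listed in its log header.
CODES = {
    "00": ("file", "deleted"),
    "53": ("file", "not found"),
    "70": ("file", "in use"),
    "75": ("file", "service still loaded or file in use"),
    "M0": ("folder", "deleted"),
    "ML": ("folder", "completely emptied"),
    "MN": ("folder", "not found, not emptied"),
    "MV": ("folder", "not found, not deleted"),
    "K0": ("registry key", "deleted"),
}
SUCCESS = {"00", "M0", "ML", "K0"}   # target is gone or empty
LOCKED = {"70", "75"}                # retry at reboot (or offline)
MISSING = {"53", "MN", "MV"}         # nothing there: typo, or already removed

# Only lines that begin with a known code are results; the Input.txt echo
# and the code table itself start with 'C:' or 'code' and are skipped.
RESULT_RE = re.compile(r"^(" + "|".join(CODES) + r") (.+)$")

# Lines 1-4 and 6 copied from the log above; line 5 is constructed.
SAMPLE = """\
00 C:\\WINDOWS\\system32\\tmngvkpy.exe
00 C:\\WINDOWS\\system32\\akttzn.exe
53 C:\\WINDOWS\\system32\\lojyhslc.exe
00 C:\\WINDOWS\\system32\\xaaIlnpo.ini
70 C:\\WINDOWS\\system32\\example_locked.dll
M0 C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\kzinwret
"""


def parse_results(text):
    """One dict per result line: code, target kind, meaning and path."""
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        code, target = m.groups()
        kind, meaning = CODES[code]
        results.append({"code": code, "kind": kind, "meaning": meaning,
                        "target": target})
    return results


def triage(results):
    """Split results into done, retry (locked at run time) and missing."""
    done = [r["target"] for r in results if r["code"] in SUCCESS]
    retry = [r["target"] for r in results if r["code"] in LOCKED]
    missing = [r["target"] for r in results if r["code"] in MISSING]
    return done, retry, missing


def next_input(retry):
    """Text to paste into the next Input.txt for the locked targets."""
    return "\n".join(retry) + ("\n" if retry else "")


if __name__ == "__main__":
    results = parse_results(SAMPLE)
    done, retry, missing = triage(results)
    for r in results:
        print(f"{r['code']}  {r['kind']:<12} {r['meaning']:<40} {r['target']}")
    print(f"\n{len(done)} done, {len(retry)} to retry, {len(missing)} not found")
    if retry:
        print("next Input.txt:\n" + next_input(retry), end="")
```

Feeding the whole log file instead of the excerpt works the same way, because only lines that start with one of the nine codes are treated as results.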

Sabina 23.04.2008 14:58

hello,

1.
Start - Run - paste in: Combofix /U
- click "OK"

2.
scan with Malwarebytes, let it remove everything that is found + post the report
Malwarebytes Anti-Malware

3.
download combofix again, post the report, complete please :)
combofix

VincenzoSap 23.04.2008 16:19

Malwarebytes' Anti-Malware 1.11
Database version: 669

Scan type: Full scan (C:\|)
Objects scanned: 113393
Scan duration: 26 minute(s), 18 second(s)

Infected memory processes: 0
Infected memory modules: 0
Infected registry keys: 15
Infected registry values: 0
Infected registry data items: 0
Infected folders: 5
Infected files: 66

Infected memory processes:
(No malicious items found)

Infected memory modules:
(No malicious items found)

Infected registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contextprogram (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ContextProgram.DLL (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dpevflbg.bakq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dpevflbg.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infected registry values:
(No malicious items found)

Infected registry data items:
(No malicious items found)

Infected folders:
C:\Programme\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\ContextProgram (AdWare.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\virii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Infected files:
C:\Programme\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\Web\def.htm.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\ContextProgram\ContextProgram.dat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Programme\ContextProgram\pcre3.dll (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Programme\ContextProgram\uninstall.exe (AdWare.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\virii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\virii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\virii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\virii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\virii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\blackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\EditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\EditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\filemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\fkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\fkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\fwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\FWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fabio Saputo\Desktop\Trojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
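
A report like the one above is only as good as the check against what the earlier logs showed: every system32 file that ComboFix listed as re-created should now appear here as quarantined and deleted, and anything Malwarebytes could only schedule for deletion at reboot is not yet gone. The following Python is an added example, not part of this thread and not Malwarebytes code; it parses report lines of the form "target (detection) -> action", tells registry keys from files and completed removals from reboot-time deletions, and compares a watch list against the result. The report excerpt is copied from above plus one constructed "Delete on reboot" line (that this version of Malwarebytes prints the action exactly so is an assumption); the watch list holds three of the re-created system32 files, one with different letter case on purpose, plus the constructed paths example_locked.dll and example_unseen.exe.

```python
"""Reconcile a Malwarebytes report against a watch list of paths.

Added example, not part of this thread and not Malwarebytes code. Report
lines 1-5 are copied from the log above; line 6 and the two 'example_'
watch-list paths are constructed.
"""
import re
from collections import Counter

# "<path or registry key> (<detection name>) -> <action>."
MBAM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$"
)

REPORT = """\
HKEY_CURRENT_USER\\Software\\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\smp\\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\example_locked.dll (Trojan.Agent) -> Delete on reboot.
"""

# Paths to verify: what an earlier ComboFix diff showed being re-created.
WATCH = [
    "C:\\WINDOWS\\system32\\hxiwlgpm.exe",
    "C:\\WINDOWS\\system32\\medup012.dll",
    "C:\\WINDOWS\\system32\\winwgpx.exe",          # case differs from the report
    "C:\\WINDOWS\\system32\\example_locked.dll",   # constructed: only scheduled
    "C:\\WINDOWS\\system32\\example_unseen.exe",   # constructed: never listed
]


def parse_report(text):
    """One dict per detection line; summary and header lines are skipped."""
    items = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["is_registry"] = d["target"].upper().startswith("HKEY_")
        action = d["action"].lower()
        d["removed"] = action.startswith("quarantined and deleted")
        d["pending"] = action.startswith("delete on reboot")
        items.append(d)
    return items


def uncovered(items, watch):
    """Return (unseen, pending): watch-list paths the report never removed,
    and those it could only schedule for reboot-time deletion. Comparison
    is case-insensitive because the Windows file system is."""
    removed = {i["target"].lower() for i in items if i["removed"]}
    pending = {i["target"].lower() for i in items if i["pending"]}
    still_pending = [p for p in watch if p.lower() in pending]
    unseen = [p for p in watch
              if p.lower() not in removed and p.lower() not in pending]
    return unseen, still_pending


def by_family(items):
    """Detection-name counts, useful for seeing which families dominate."""
    return Counter(i["family"] for i in items)


if __name__ == "__main__":
    items = parse_report(REPORT)
    unseen, pending = uncovered(items, WATCH)
    for fam, n in by_family(items).most_common():
        print(f"{n:3d}  {fam}")
    print("registry keys:", sum(i["is_registry"] for i in items))
    print("pending reboot:", *pending, sep="\n  ")
    print("not covered by this report:", *unseen, sep="\n  ")
```

Against the full report above and the complete list of re-created system32 files from the ComboFix diff, the "not covered" list comes out empty; a non-empty result is the cue to ask for another scan before declaring the machine clean.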

Sabina 23.04.2008 18:05

Hello :)

Start - Run - paste in: Combofix /U
- click "OK"

download combofix again, post the report, complete please
combofix

VincenzoSap 23.04.2008 18:31

ComboFix 08-04-22.5 - Vincenzo Saputo 2008-04-23 19:27:24.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1579 [GMT 2:00]
Running from: C:\Dokumente und Einstellungen\Vincenzo Saputo\Desktop\ComboFix.exe
* New restore point was created

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Files created from 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))
.

2008-04-23 15:43 . 2008-04-23 15:44 <DIR> d-------- C:\Programme\GV_Killer
2008-04-23 15:43 . 2001-09-07 11:00 59,904 --a------ C:\WINDOWS\system32\wbemdisp.tlb
2008-04-22 22:27 . 2008-04-22 22:27 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-22 22:27 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-22 22:26 . 2008-04-22 22:27 <DIR> d-------- C:\Programme\TuneUp Utilities 2008
2008-04-22 22:26 . 2008-04-22 22:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-22 22:26 . 2008-04-22 22:26 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\TuneUp Software
2008-04-22 22:26 . 2008-04-22 22:26 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-04-22 20:45 . 2003-12-21 17:24 140,800 --a------ C:\WINDOWS\system32\drivers\xmasbus.sys
2008-04-22 20:45 . 2003-12-20 20:03 5,504 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys
2008-04-22 19:30 . 2008-04-22 19:30 <DIR> d-------- C:\Programme\AMD
2008-04-22 19:30 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
2008-04-22 19:06 . 2008-04-22 19:06 <DIR> d-------- C:\Programme\Alcohol Soft
2008-04-22 16:26 . 2008-04-22 16:26 <DIR> d-------- C:\Programme\Trend Micro
2008-04-22 16:14 . 2008-04-22 16:15 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-04-22 16:14 . 2008-04-22 16:14 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Malwarebytes
2008-04-22 16:14 . 2008-04-22 16:14 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-04-21 22:05 . 2008-04-21 22:10 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-04-21 22:03 . 2008-04-21 22:03 <DIR> d-------- C:\Programme\Trojan Remover
2008-04-21 22:03 . 2008-04-21 22:03 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Simply Super Software
2008-04-21 22:03 . 2008-04-21 22:03 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
2008-04-21 22:03 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-21 22:03 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-21 22:03 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-21 22:03 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-21 22:03 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-04-16 19:51 . 2008-04-16 19:51 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Apple Computer
2008-04-16 18:55 . 2008-04-20 10:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-16 18:55 . 2008-04-16 18:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 21:32 . 2008-04-22 15:44 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\temp
2008-04-15 21:08 . 2008-04-15 21:08 <DIR> d-------- C:\Programme\QuickTime
2008-04-15 21:08 . 2008-04-15 21:08 <DIR> d-------- C:\Programme\Apple Software Update
2008-04-15 21:08 . 2008-04-15 21:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-04-15 21:08 . 2008-04-15 21:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-04-14 22:18 . 2008-04-14 22:18 <DIR> d-------- C:\Programme\Pineapple Works
2008-04-13 16:10 . 2008-04-13 16:10 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2008-04-13 16:08 . 2008-04-13 16:08 <DIR> d-------- C:\Programme\Yahoo!
2008-04-13 16:08 . 2008-04-13 16:08 <DIR> d-------- C:\Programme\CCleaner
2008-04-06 18:49 . 2008-04-15 20:44 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-04-05 09:28 . 2008-04-05 09:28 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\Ahead
2008-04-01 20:57 . 2008-04-01 20:57 <DIR> d-------- C:\Programme\SopCast
2008-03-31 20:13 . 2008-03-31 20:13 <DIR> d-------- C:\WINDOWS\OvtCam
2008-03-31 19:56 . 2003-10-15 17:52 307,200 --a------ C:\WINDOWS\vidcap32.exe
2008-03-31 19:56 . 2003-10-15 17:52 200,704 --a------ C:\WINDOWS\sel3110.exe
2008-03-31 19:56 . 2003-10-15 17:52 174,530 --a------ C:\WINDOWS\system32\drivers\ov519vid.sys
2008-03-31 19:56 . 2003-10-15 17:52 135,168 --a------ C:\WINDOWS\ov519cap.exe
2008-03-31 19:56 . 2003-10-15 17:52 61,440 --a------ C:\WINDOWS\ov519dib.dll
2008-03-31 19:56 . 2003-10-15 17:52 40,960 --a------ C:\WINDOWS\system32\ov519ext.dll
2008-03-31 19:56 . 2003-10-15 17:52 40,960 --a------ C:\WINDOWS\CleanDev.exe
2008-03-31 19:56 . 2003-10-15 17:52 25,211 --a------ C:\WINDOWS\system32\drivers\ov519cmd.sys
2008-03-31 19:56 . 2003-10-15 17:52 25,099 --a------ C:\WINDOWS\system32\ov519ext.ax
2008-03-31 19:56 . 2003-10-15 17:52 16,426 --a------ C:\WINDOWS\system32\ov519usd.dll
2008-03-31 19:51 . 2008-03-31 19:51 <DIR> d-------- C:\Programme\Ahead
2008-03-30 21:13 . 2008-03-30 21:13 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\AVS4YOU
2008-03-30 21:13 . 2008-03-30 21:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
2008-03-30 21:12 . 2008-03-30 21:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2008-03-30 21:12 . 2008-03-30 21:13 <DIR> d-------- C:\Programme\AVS4YOU
2008-03-30 21:04 . 2008-03-30 21:04 <DIR> d-------- C:\Programme\Xilisoft
2008-03-30 21:04 . 2005-11-21 07:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-03-30 21:04 . 2005-11-21 07:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-03-30 00:25 . 2004-08-04 01:58 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-30 00:25 . 2004-08-04 01:58 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-03-30 00:25 . 2004-08-04 00:58 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-03-30 00:25 . 2004-08-04 00:58 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-03-30 00:25 . 2004-08-04 00:57 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-30 00:25 . 2004-08-04 00:57 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-30 00:25 . 2004-08-04 00:58 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-30 00:25 . 2004-08-04 00:58 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-29 14:07 . 2008-03-29 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\DirectX
2008-03-29 14:06 . 2008-03-29 14:06 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Support
2008-03-29 14:06 . 2008-03-29 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\data
2008-03-29 14:06 . 2008-03-29 14:06 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Autorun
2008-03-29 14:06 . 2008-03-29 14:06 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\alocale
2008-03-29 14:06 . 2008-03-07 16:40 5,423,104 --a------ C:\Dokumente und Einstellungen\Vincenzo Saputo\EURO08.exe
2008-03-29 14:06 . 2008-03-13 20:26 1,784,320 --a------ C:\Dokumente und Einstellungen\Vincenzo Saputo\autorun.dat
2008-03-29 14:06 . 2008-01-28 12:54 397,312 -ra------ C:\Dokumente und Einstellungen\Vincenzo Saputo\AutoRun.exe
2008-03-29 14:06 . 2008-01-28 12:54 380,928 -ra------ C:\Dokumente und Einstellungen\Vincenzo Saputo\EASetup.exe
2008-03-29 14:06 . 2008-03-07 16:35 21,060 --a------ C:\Dokumente und Einstellungen\Vincenzo Saputo\config.dat
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 20:55 . 2008-04-23 14:33 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-28 15:00 . 2008-03-28 15:00 1,024 --ah----- C:\Dokumente und Einstellungen\Default User\NtUser.dat.LOG
2008-03-28 14:59 . 2008-03-28 14:59 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Ahead
2008-03-28 14:57 . 2008-03-28 14:57 <DIR> d-------- C:\Programme\Nero
2008-03-28 14:57 . 2008-03-28 15:00 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2008-03-28 14:57 . 2008-03-28 14:57 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-03-28 02:09 . 2008-03-28 02:09 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\MY_STAMPS
2008-03-28 02:09 . 2008-03-28 11:46 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\MY_BKG
2008-03-28 02:09 . 2008-04-05 09:28 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Meine_Bilder
2008-03-28 02:09 . 2008-03-28 11:30 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Meine_Ausweise
2008-03-26 15:54 . 2008-03-26 15:54 <DIR> d-------- C:\Programme\MSXML 4.0
2008-03-26 14:29 . 2008-04-23 15:47 <DIR> d-------- C:\Programme\NavigationAdvisor
2008-03-25 23:28 . 2008-03-25 23:29 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\Teleca
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Programme\Sony Ericsson
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared
2008-03-25 19:08 . 2008-03-25 19:09 <DIR> d-------- C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Teleca
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Documents
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
2008-03-25 19:08 . 2008-03-25 19:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson
2008-03-25 19:07 . 2008-03-25 19:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-25 19:07 . 2008-03-25 19:07 6,176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys
2008-03-25 19:07 . 2008-03-25 19:07 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-25 19:07 . 2008-03-25 19:07 5,808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys
2008-03-25 19:07 . 2008-03-25 19:07 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
13 File(s) . 101,523,846 C:\ComboFix\Bytes
4 File(s) . 3,409,216 C:\ComboFix\Bytes
2 File(s) . 238,592 C:\ComboFix\Bytes
1 File(s) . 390,497 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 18:52 --------- d-----w C:\Programme\EA SPORTS
2008-04-22 15:10 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ICQ
2008-04-21 11:11 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\ICQ
2008-04-11 17:26 --------- d-----w C:\Programme\ICQLite
2008-04-09 12:17 --------- d-----w C:\Programme\ICQ6
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 14:59 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\DivX
2008-03-19 10:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-19 10:12 --------- d--h--r C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\SecuROM
2008-03-19 10:01 --------- d-----w C:\Programme\Fifa Master
2008-03-18 20:01 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\mIRC
2008-03-18 20:00 --------- d-----w C:\Programme\mIRC
2008-03-18 18:36 --------- d-----w C:\Programme\PPLive
2008-03-18 18:35 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\PPLive
2008-03-18 11:15 --------- d-----w C:\Programme\Gemeinsame Dateien\ScanSoft Shared
2008-03-18 11:13 --------- d-----w C:\Programme\TextBridge Pro 9.0
2008-03-18 11:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
2008-03-18 11:03 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-18 11:03 --------- d-----w C:\Programme\Ulead Systems
2008-03-15 09:12 --------- d-----w C:\Programme\UberIcon
2008-03-15 09:10 --------- d-----w C:\Programme\LClock
2008-03-15 09:09 --------- d-----w C:\Programme\Vista Drive Icon
2008-03-13 17:36 --------- d-----w C:\Programme\ICQToolbar
2008-03-13 17:36 --------- d-----w C:\Programme\ICQ618_35_47
2008-03-13 17:35 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\InstallShield
2008-03-13 17:07 --------- d-----w C:\Programme\Windows Media Connect 2
2008-03-11 21:45 --------- d-----w C:\Programme\Gemeinsame Dateien\snp2std
2008-03-11 21:44 --------- d-----w C:\Programme\Gemeinsame Dateien\ArcSoft
2008-03-11 21:44 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ArcSoft
2008-03-11 21:43 --------- d-----w C:\Programme\ArcSoft
2008-03-11 12:31 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-03-10 19:53 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\DivX
2008-03-10 19:52 --------- d-----w C:\Programme\DivX
2008-03-08 22:45 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\Azureus
2008-03-08 18:38 --------- d-----w C:\Programme\Microsoft Silverlight
2008-03-08 17:08 --------- d-----w C:\Programme\Azureus
2008-03-08 09:00 --------- d-----w C:\Programme\Google
2008-03-07 21:50 --------- d-----w C:\Programme\Java
2008-03-07 21:50 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2008-03-07 17:16 --------- dcsh--w C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-03-07 17:16 --------- d-----w C:\Programme\Windows Live Toolbar
2008-03-07 17:16 --------- d-----w C:\Programme\Windows Live Favorites
2008-03-07 13:45 --------- d-----w C:\Programme\Windows Live
2008-03-07 13:45 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-03-07 13:42 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\ICQ Toolbar
2008-03-07 13:28 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\ICQLite
2008-03-07 13:26 --------- d-----w C:\Dokumente und Einstellungen\Fabio Saputo\Anwendungsdaten\ATI
2008-03-07 13:11 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
2008-03-07 13:08 --------- d-----w C:\Programme\IVT Corporation
2008-03-06 14:26 --------- d-----w C:\Programme\Microsoft Works
2008-03-06 14:20 --------- d-----w C:\Programme\Microsoft Works Suite 2003
2008-03-05 22:03 --------- d-----w C:\Programme\BearShare
2008-03-05 20:03 65,143 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-05 20:03 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-05 20:03 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-05 19:31 --------- d-----w C:\Programme\DIFX
2008-03-05 19:30 --------- d-----w C:\Programme\Realtek
2008-03-05 19:10 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\InstallShield
2008-03-05 19:06 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ICQ Toolbar
2008-03-05 19:03 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ICQLite
2008-03-05 18:26 --------- d-----w C:\Programme\RegCleaner
2008-03-05 18:05 --------- d-----w C:\Programme\MSI
2008-03-05 17:58 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\ATI
2008-03-05 17:55 --------- d-----w C:\Dokumente und Einstellungen\Vincenzo Saputo\Anwendungsdaten\ATI
2008-03-05 17:53 --------- d-----w C:\Programme\ATI Technologies
2008-03-05 17:52 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-03-05 17:52 --------- d-----w C:\Programme\Gemeinsame Dateien\ATI Technologies
2008-03-05 17:32 --------- d-----w C:\Programme\microsoft frontpage
2008-03-05 17:31 --------- d-----w C:\Programme\Online-Dienste
2008-03-05 17:30 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 665,088 ----a-w C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E60A8FF7-B9B4-8ABC-10E8-10F2461DFA50}]
2007-12-30 22:48 1019904 --a------ C:\Programme\NavigationAdvisor\NavigationAdvisor-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:57 15360]
"msnmsgr"="C:\Programme\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"LClock"="C:\Programme\LClock\lclock.exe" [2004-09-19 20:27 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 15:03 149040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"BearShare"="C:\Programme\BearShare\BearShare.exe" [2006-07-26 14:48 3305472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 15:43 188416]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15 3144800]
"DrvIcon"="C:\Programme\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"HotKey"="C:\WINDOWS\Twain_32\FlatBed\HotKey.exe" [2002-08-01 11:53 462848]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [2000-06-19 10:19 31744]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-06-19 10:24 22528]
"Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-12 15:23 161328]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-07-26 11:30 339968]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"TrojanScanner"="C:\Programme\Trojan Remover\Trjscan.exe" [2008-04-07 19:51 873040]
"amd_dc_opt"="C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-06-19 10:24 22528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:57 15360]

C:\Dokumente und Einstellungen\Fabio Saputo\Startmenü\Programme\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

C:\Dokumente und Einstellungen\Vincenzo Saputo\Startmenü\Programme\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
BlueSoleil.lnk - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-07 15:08:05 1183744]
CoreCenter.lnk - C:\Programme\MSI\Core Center\CoreCenter.exe [2008-03-05 20:05:19 928256]
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Ulead Kalendar Checker 4.0 SE.lnk - C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-03-18 13:03:52 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\BearShare\\BearShare.exe"=
"C:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"C:\\Programme\\PPLive\\PPLive.exe"=
"C:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programme\\SopCast\\SopCast.exe"=

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:58]
R3 RushTopDevice;RushTopDevice;C:\Programme\MSI\Core Center\RushTop.sys [2006-05-23 16:05]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-08-10 12:07]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-22 22:27]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-04-23 17:26:08 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-15 19:08:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 16:32:00 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Programme\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 19:29:02
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-23 19:29:47
ComboFix-quarantined-files.txt 2008-04-23 17:29:34
ComboFix2.txt 2008-04-22 16:31:01

12 Verzeichnis(se), 76,805,656,576 Bytes frei
15 Verzeichnis(se), 76,859,420,672 Bytes frei

308 --- E O F --- 2008-04-12 12:00:45

Sabina 23.04.2008 18:44

Hello,
that already looks quite tidy :)

do an online scan with Bitdefender + post the report
Online virus scanner

