Google redirect & System lädt nicht

[Sven_]

Hi, die ersten zwei texteinträge wurden nicht gefunden, der dritte kam 1 x vor
Hier das Logfile:

Code:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "c00687C0.mat" 2008-11-28 21:09:11

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c00687C0]
"DllName"="c00687C0.mat"

[Speedy]

1. Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument:
   
   Code:

   Registry::
   [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c00687C0]
   File::
   C:\WINDOWS\SYSTEM32\c00687C0.mat
   C:\WINDOWS\system32\874c08c8-.txt
   C:\WINDOWS\system32\qvzeptrwej.dll-uninst.exe
   Rootkit::
   C:\WINDOWS\SYSTEM32\c00687C0.mat
   C:\Documents and Settings\sbuggerm\Application Data\Microsoft\Windows\sys32.dll
   C:\Program Files\Altiris\Altiris Agent\Software Delivery\pkgdlvlk.tmp
   Driver::
   PCIUtil

2. Speichere dies als CFScript.txt auf Deinem Desktop
   
   
   
3. In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
4. Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
   NB: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Hinweis für Mitleser: Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen![/QUOTE]

poste ein aktuelles hjt und hjtscanlist logfile das du mit der 2 erstellt hast!

lade dir das tool filelistcreator herunter und starte es.
füge folgende ordner zum auslesen hinzu

11/25/2008 20:02 C:\WINDOWS\system32\inetsrv --------- 0
11/03/2008 11:58 C:\WINDOWS\system32\drivers --------- 0
10/29/2008 21:55 C:\WINDOWS\system32\1033 --------- 0
10/26/2008 14:17 C:\WINDOWS\system32\pci --------- 0
10/26/2008 14:13 C:\WINDOWS\system32\I2 --------- 0
10/26/2008 14:13 C:\WINDOWS\system32\EV19 --------- 0
10/26/2008 14:10 C:\WINDOWS\system32\am2 --------- 0
10/26/2008 12:41 C:\WINDOWS\system32\Restore --------- 0
10/26/2008 12:04 C:\WINDOWS\system32\CAE --------- 0
10/16/2008 21:18 C:\WINDOWS\system32\Logfiles --------- 0

aktiviere folgende kästchen
dateiendung anzeigen
pfad bei jeder datei anzeigen

drück nun den button >> liste erstellen<<
posten den inhalt hier im tag code formatiert.

[Sven_]

Sodele, Combofix hat die c00687C0.mat erfolgreich gelöscht. Das interessante war das nachdem Combofix die Datei im Fenster als gelöscht bezeichnet hat hat der Norton Autoprotect 6 x den c00687C0.mat Trojaner verhindert & gelöscht.

Hier das Logfile:

Code:

ComboFix 08-11-28.02 - sbuggerm 2008-11-28 22:27:57.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2261 [GMT 1:00]
Running from: c:\documents and settings\sbuggerm\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\sbuggerm\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\874c08c8-.txt
c:\windows\SYSTEM32\c00687C0.mat
c:\windows\system32\qvzeptrwej.dll-uninst.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sbuggerm\Application Data\Microsoft\Windows\sys32.dll
c:\windows\system32\874c08c8-.txt
c:\windows\SYSTEM32\c00687C0.mat
c:\windows\system32\qvzeptrwej.dll-uninst.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCIUTIL
-------\Service_PCIUtil


(((((((((((((((((((((((((   Files Created from 2008-10-28 to 2008-11-28  )))))))))))))))))))))))))))))))
.

2008-11-28 20:47 . 2008-11-28 20:47	<DIR>	d--------	C:\programme
2008-11-27 13:50 . 2008-11-27 13:50	578,560	--a--c---	c:\windows\system32\dllcache\user32.dll
2008-11-27 13:47 . 2008-11-27 13:47	<DIR>	d--------	c:\windows\ERUNT
2008-11-27 12:08 . 2008-01-23 08:43	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Bluetooth Software
2008-11-27 12:08 . 2008-01-23 09:09	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Application Data\ManageSoft Corp
2008-11-27 12:08 . 2008-01-23 11:08	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Application Data\Intel
2008-11-27 12:08 . 2008-01-23 09:05	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Application Data\InstallShield
2008-11-27 12:08 . 2008-01-23 09:08	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Application Data\ATI
2008-11-27 12:08 . 2008-01-23 08:40	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{DF99D800-F903-48FB-85A5-07817A889081}
2008-11-27 12:08 . 2008-01-23 08:43	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{9C7B5BAE-2EAD-41CA-9896-7E952731919A}
2008-11-27 12:08 . 2008-01-23 08:41	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{9035A8F6-745E-4ED9-A1E8-B5F9A2F1A9CF}
2008-11-27 12:08 . 2008-01-23 08:41	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{6378C14B-61EC-429B-8F8F-04C9ED75B3E8}
2008-11-27 12:08 . 2008-01-23 08:42	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{51FD6D8C-B4D1-4969-9D17-0BFAE03DCD23}
2008-11-27 12:08 . 2008-01-23 08:38	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{3FCA3A1A-D57D-4D79-BB47-61622CE3835C}
2008-11-27 12:08 . 2008-01-23 08:40	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{374B1131-5EBC-4EC9-8CCA-51058F569B36}
2008-11-27 12:08 . 2008-11-27 12:08	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV
2008-11-27 11:51 . 2008-11-27 14:16	<DIR>	d--------	C:\SDFix
2008-11-27 11:50 . 2008-11-27 11:50	<DIR>	d--------	C:\programm_download
2008-11-27 11:45 . 2008-09-04 18:15	1,106,944	-----c---	c:\windows\system32\dllcache\msxml3.dll
2008-11-27 11:45 . 2008-10-24 12:21	455,296	-----c---	c:\windows\system32\dllcache\mrxsmb.sys
2008-11-25 13:17 . 2008-11-25 13:28	<DIR>	d--------	C:\fixwareout
2008-11-25 13:12 . 2008-11-25 13:12	<DIR>	d--------	c:\program files\Trend Micro
2008-11-18 17:38 . 2008-05-30 14:11	3,850,760	--a------	c:\windows\system32\D3DX9_38.dll
2008-11-18 17:38 . 2008-05-30 14:11	1,491,992	--a------	c:\windows\system32\D3DCompiler_38.dll
2008-11-18 17:38 . 2008-05-30 14:19	507,400	--a------	c:\windows\system32\XAudio2_1.dll
2008-11-18 17:38 . 2008-05-30 14:11	467,984	--a------	c:\windows\system32\d3dx10_38.dll
2008-11-18 17:38 . 2008-05-30 14:18	238,088	--a------	c:\windows\system32\xactengine3_1.dll
2008-11-18 17:38 . 2008-05-30 14:17	65,032	--a------	c:\windows\system32\XAPOFX1_0.dll
2008-11-18 17:38 . 2008-05-30 14:17	25,608	--a------	c:\windows\system32\X3DAudio1_4.dll
2008-11-18 17:37 . 2008-11-18 17:37	682,280	--a------	c:\windows\system32\pbsvc.exe
2008-11-18 17:37 . 2008-11-18 17:37	22,328	--a------	c:\documents and settings\sbuggerm\Application Data\PnkBstrK.sys
2008-11-18 16:26 . 2008-11-18 16:26	<DIR>	d--------	c:\program files\Activision
2008-11-09 13:22 . 2008-01-23 08:43	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Bluetooth Software
2008-11-09 13:22 . 2008-01-23 09:09	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Application Data\ManageSoft Corp
2008-11-09 13:22 . 2008-01-23 11:08	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Application Data\Intel
2008-11-09 13:22 . 2008-01-23 09:05	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Application Data\InstallShield
2008-11-09 13:22 . 2008-01-23 09:08	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Application Data\ATI
2008-11-09 13:22 . 2008-01-23 08:40	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{DF99D800-F903-48FB-85A5-07817A889081}
2008-11-09 13:22 . 2008-01-23 08:43	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{9C7B5BAE-2EAD-41CA-9896-7E952731919A}
2008-11-09 13:22 . 2008-01-23 08:41	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{9035A8F6-745E-4ED9-A1E8-B5F9A2F1A9CF}
2008-11-09 13:22 . 2008-01-23 08:41	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{6378C14B-61EC-429B-8F8F-04C9ED75B3E8}
2008-11-09 13:22 . 2008-01-23 08:42	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{51FD6D8C-B4D1-4969-9D17-0BFAE03DCD23}
2008-11-09 13:22 . 2008-01-23 08:38	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{3FCA3A1A-D57D-4D79-BB47-61622CE3835C}
2008-11-09 13:22 . 2008-01-23 08:40	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{374B1131-5EBC-4EC9-8CCA-51058F569B36}
2008-11-09 13:21 . 2008-11-09 13:22	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET
2008-11-09 13:21 . 2008-11-09 13:21	<DIR>	d--------	c:\documents and settings\CNU8100KCV
2008-11-08 11:05 . 2008-11-08 11:05	664	--a------	c:\windows\system32\d3d9caps.dat
2008-11-06 11:58 . 2008-11-06 11:58	<DIR>	d--------	c:\windows\SQLTools9_KB948109_ENU
2008-11-06 11:55 . 2008-11-06 11:55	<DIR>	d--------	c:\windows\SQL9_KB948109_ENU
2008-11-04 11:29 . 2008-11-04 11:29	<DIR>	d--------	c:\documents and settings\sbuggerm\Application Data\PGP Corporation
2008-11-03 11:59 . 2008-11-03 11:59	<DIR>	d--------	c:\documents and settings\All Users\Application Data\PGP Corporation
2008-11-03 11:58 . 2008-11-03 11:58	<DIR>	d--------	c:\program files\PGP Corporation
2008-11-03 11:58 . 2008-11-03 11:58	<DIR>	d--------	c:\program files\Common Files\PGP Corporation
2008-11-03 11:58 . 2008-11-03 11:58	114,308	--a------	c:\windows\system32\PGPlspRollback.reg
2008-11-01 10:53 . 2008-11-01 10:53	<DIR>	d--------	c:\documents and settings\All Users\Application Data\ATI
2008-10-31 14:37 . 2008-11-07 17:30	<DIR>	d--------	c:\documents and settings\sbuggerm\Application Data\temp
2008-10-31 14:12 . 2008-10-31 14:12	<DIR>	d--------	c:\windows\Logs
2008-10-31 14:12 . 2008-07-12 08:18	3,851,784	--a------	c:\windows\system32\D3DX9_39.dll
2008-10-31 13:51 . 2008-10-31 13:51	<DIR>	d--------	c:\program files\EA SPORTS
2008-10-29 21:26 . 2008-08-14 11:11	2,189,184	-----c---	c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-29 21:26 . 2008-08-14 11:09	2,145,280	-----c---	c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-29 21:26 . 2008-08-14 10:33	2,066,048	-----c---	c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-29 21:26 . 2008-08-14 10:33	2,023,936	-----c---	c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-29 21:26 . 2008-10-15 17:34	337,408	-----c---	c:\windows\system32\dllcache\netapi32.dll
2008-10-29 21:26 . 2008-09-08 11:41	333,824	-----c---	c:\windows\system32\dllcache\srv.sys
2008-10-29 21:25 . 2008-09-15 13:12	1,846,400	-----c---	c:\windows\system32\dllcache\win32k.sys
2008-10-29 21:24 . 2008-05-01 15:33	331,776	-----c---	c:\windows\system32\dllcache\msadce.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 21:40	---------	d-----w	c:\program files\Symantec AntiVirus
2008-11-27 20:50	140,216	----a-w	c:\windows\system32\drivers\PnkBstrK.sys
2008-11-27 10:48	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-18 16:36	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-11-17 11:29	---------	d-----w	c:\program files\eRoom 7
2008-11-17 11:07	---------	d-----w	c:\program files\Common Files\Symantec Shared
2008-11-06 10:58	---------	d-----w	c:\program files\Microsoft SQL Server
2008-11-01 09:43	---------	d-----w	c:\program files\ATI Technologies
2008-10-29 20:53	---------	d-----w	c:\program files\Common Files\Merge Modules
2008-10-29 20:52	---------	d-----w	c:\program files\Microsoft Visual Studio 8
2008-10-29 20:51	---------	d-----w	c:\program files\MSBuild
2008-10-24 11:21	455,296	----a-w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 18:07	---------	d-----w	c:\program files\EA GAMES
2008-10-05 08:53	---------	d-----w	c:\program files\Gamesload Spiele
2008-10-05 08:37	---------	d-----w	c:\program files\Gamesload  Spiele
2008-10-03 13:23	---------	d-----w	c:\program files\Boonty
2008-10-03 11:50	---------	d-----w	c:\program files\Petergames
2008-10-02 19:56	---------	d--h--r	c:\documents and settings\sbuggerm\Application Data\SecuROM
2008-10-02 14:38	---------	d-----w	c:\program files\OpenAL
2008-09-29 08:56	---------	d-----w	c:\program files\Hewlett-Packard
2006-12-29 13:15	626,688	----a-w	c:\program files\Common Files\sapconsaccess.dll
2006-12-29 13:15	40,960	----a-w	c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 13:15	3,100,672	----a-w	c:\program files\Common Files\sapxlhelper.dll
2006-12-29 13:15	192,512	----a-w	c:\program files\Common Files\sapconsr3.dll
2006-12-07 08:26	1,129,984	----a-w	c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 08:26	1,124,864	----a-w	c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

(((((((((((((((((((((((((((((   snapshot@2008-11-26_15.50.37.54   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09	455,296	------w	c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-07 14:27:04	163,328	----a-w	c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-11-27 12:47:05	1,028,096	----a-w	c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-11-27 12:47:05	8,192	----a-w	c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04	163,328	----a-w	c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-11-27 12:47:02	1,028,096	----a-w	c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-11-27 12:47:02	8,192	----a-w	c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-11-27 10:46:15	32,768	----a-r	c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-29 21:14:43	1,165,584	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-27 10:48:10	1,165,584	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-29 21:14:43	20,240	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-27 10:48:11	20,240	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-29 21:14:43	159,504	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-27 10:48:11	159,504	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-29 21:14:43	217,864	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-27 10:48:11	217,864	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-29 21:14:43	18,704	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-27 10:48:11	18,704	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-29 21:14:43	35,088	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-27 10:48:11	35,088	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-29 21:14:43	845,584	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-27 10:48:11	845,584	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-29 21:14:43	922,384	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-27 10:48:11	922,384	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-29 21:14:43	272,648	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-27 10:48:11	272,648	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-29 21:14:43	888,080	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-27 10:48:11	888,080	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-29 21:14:43	1,172,240	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-27 10:48:11	1,172,240	----a-r	c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-29 21:14:49	35,600	----a-r	c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-11-27 10:47:54	35,600	----a-r	c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-09-18 09:48:44	135,168	----a-r	c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-27 10:47:24	135,168	----a-r	c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-18 09:48:44	4,096	----a-r	c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-27 10:47:24	4,096	----a-r	c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-18 09:48:44	147,456	----a-r	c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2008-11-27 10:47:24	147,456	----a-r	c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
- 2008-09-18 09:48:57	12,288	----a-r	c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-27 10:47:38	12,288	----a-r	c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-18 09:48:57	135,168	----a-r	c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-27 10:47:38	135,168	----a-r	c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-18 09:48:57	4,096	----a-r	c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-27 10:47:38	4,096	----a-r	c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-18 09:48:57	176,128	----a-r	c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-11-27 10:47:37	176,128	----a-r	c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2008-04-14 00:12:01	1,306,624	-c----w	c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56	1,307,648	-c----w	c:\windows\system32\dllcache\msxml6.dll
- 2008-11-26 14:46:42	308,849	----a-w	c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-11-28 21:40:50	308,848	----a-w	c:\windows\system32\inetsrv\MetaBase.bin
- 2008-04-14 00:12:01	1,104,896	----a-w	c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04	1,106,944	----a-w	c:\windows\system32\msxml3.dll
- 2007-05-08 13:03:04	1,275,392	----a-w	c:\windows\system32\msxml4.dll
+ 2008-09-30 15:43:34	1,286,152	----a-w	c:\windows\system32\msxml4.dll
- 2008-04-14 00:12:01	1,306,624	----a-w	c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56	1,307,648	----a-w	c:\windows\system32\msxml6.dll
- 2008-11-26 11:53:37	201,352	----a-w	c:\windows\system32\PnkBstrB.exe
+ 2008-11-27 20:49:03	201,352	----a-w	c:\windows\system32\PnkBstrB.exe
- 2007-11-30 11:18:51	17,272	------w	c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01	17,272	------w	c:\windows\system32\spmsg.dll
+ 2008-11-28 21:38:52	16,384	----atw	c:\windows\Temp\Perflib_Perfdata_91c.dat
+ 2008-11-28 21:42:36	16,384	----atw	c:\windows\Temp\Perflib_Perfdata_930.dat
+ 2008-09-30 15:42:08	1,286,152	----a-w	c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12	91,656	----a-w	c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2008-08-22 18:49	310328	--a------	c:\windows\system32\PGPfsshl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adcist.exe"="c:\agilent\adci\adcist.exe" [2003-12-11 69632]
"POD3.6"="c:\program files\MessageLabs\POD36\mlpod36.exe" [2006-11-07 5937320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LAAM"="c:\agilent\bin\runit" [X]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-05-01 404248]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"SchedulingAgent_nDG"="c:\program files\ManageSoft\Schedule Agent\ndschedag.exe" [2005-10-21 1110016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-30 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2005-01-18 143360]
"SmcService"="c:\progra~1\Sygate\SSA\smc.exe" [2007-01-26 2639512]
"adcius.exe"="c:\agilent\adci\adcius.exe" [2007-07-05 49152]
"CCDoctorLogonTesting"="c:\program files\Rational\ClearCase\bin\ccdoctor.exe" [2003-09-26 126976]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"!AUMStatus"="c:\program files\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe" [2007-09-25 69632]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\sbuggerm\Start Menu\Programs\Startup\
Monitor My eRooms (V7).lnk - c:\program files\eRoom 7\ERClient7.exe [2008-05-15 153352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PGPtray.exe.lnk - c:\windows\Installer\{8916B23D-C6E6-4599-A315-92773FDE4417}\Icon6560581611.exe [2008-11-03 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PGPmapih.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli PGPpwflt

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=GPO_add_sdadmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=logonADCI.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-144993\Scripts\Logon\0\0]
"Script"=ResetPGPKeys.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-144993\Scripts\Logon\1\0]
"Script"=cleanup.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\CM\\Agent\\radexecd.exe"=
"c:\\Program Files\\Hewlett-Packard\\CM\\Agent\\RadUIShell.exe"=
"c:\\Program Files\\Hewlett-Packard\\CM\\Agent\\radtray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

R0 pgpfs;PGP File Sharing;c:\windows\system32\Drivers\PGPfsfd.sys [2008-08-22 128568]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2008-08-22 210488]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-01-23 28120]
R2 AUMService;HP OpenView CM Application Usage Manager Agent Service;"c:\program files\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe" [2007-09-25 225280]
R2 ContentMgrService;Content Management Service;c:\program files\Videoload Manager\ContentManager.exe [2008-03-12 508928]
R2 ndGlobalLauncher;ManageSoft installation agent;"c:\program files\ManageSoft\Launcher\ndserv.exe" [2005-10-21 2428928]
R2 ndinit;ManageSoft managed device;"c:\program files\ManageSoft\Schedule Agent\ndinit.exe" [2005-10-21 610304]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2008-08-22 245816]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\Drivers\PGPsdk.sys [2008-08-22 40504]
R2 radexecd;HP OVCM Notify Daemon;"c:\program files\Hewlett-Packard\CM\Agent\radexecd.exe" [2007-08-15 258222]
R2 radsched;HP OVCM Scheduler Daemon;"c:\program files\Hewlett-Packard\CM\Agent\radsched.exe" [2007-07-20 172210]
R2 Radstgms;HP OVCM MSI Redirector;"c:\program files\Hewlett-Packard\CM\Agent\Radstgms.exe" [2007-07-20 315568]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2008-01-23 1489688]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 dsNcAdpt;Juniper Network Connect Adapter;c:\windows\system32\DRIVERS\dsNcAdpt.sys [2008-02-15 23552]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2008-04-04 11113]
R3 HPAUMDriver;HPAUMDriver;c:\windows\system32\Drivers\HPAUMDriver.sys [2007-09-25 6784]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2008-01-23 41216]
R3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-04-04 216459]
R3 RadiaMsi;RadiaMsi;c:\windows\system32\DRIVERS\radiamsi.sys [2007-08-30 30120]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2008-01-23 47616]
S3 Albd;Atria Location Broker;"c:\program files\Rational\ClearCase\bin\albd_server.exe" [2005-05-17 176016]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys [2007-07-17 35072]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-04-04 216459]
S3 magaService;Lan Discover Agent;c:\program files\Sygate\SSA\maga\maga.exe [2007-01-26 323658]
S3 Mvfs;Atria Multi-Version FS;c:\windows\system32\drivers\mvfs50.sys [2005-05-09 508628]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-02 2805000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F68D3BCB-E0D4-4E62-B16C-CAA794081E26}]
wscript //b "c:\program files\AgilentIE6Settings\ConfigureIE6.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F6CBDE3D-3200-41A9-B22D-C7ED922A7B16}]
wscript //b "c:\program files\Agilent MS Office Templates\UserSetup.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F82A802F-470C-4882-BD2A-6B7CD8C1D6BC}]
wscript //b "c:\program files\AgilentIE7Settings\ConfigureIE7.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
c:\windows\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}
.
Contents of the 'Scheduled Tasks' folder

2008-11-28 c:\windows\Tasks\User_Feed_Synchronization-{AE68F7CF-6990-475B-BFBA-9F0A7D1A0599}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 22:40:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
c:\program files\Rational\ClearCase\bin\ccasenp.dll
c:\program files\Rational\ClearCase\bin\LIBATRIANT.dll
c:\program files\Rational\ClearCase\bin\libatriaks.dll
c:\program files\Rational\ClearCase\bin\libatriacredmap.dll
c:\program files\Rational\ClearCase\bin\libatriaxdr.dll
c:\program files\Rational\ClearCase\bin\LIBATRIATBS.dll
c:\program files\Rational\ClearCase\bin\libatriamvfs.dll
c:\program files\Rational\ClearCase\bin\LIBEZRPC.dll
c:\program files\Rational\ClearCase\bin\LIBRPCSVC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Sygate\SSA\Smc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ManageSoft\Schedule Agent\ndtask.exe
c:\windows\system32\PGPserv.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\ManageSoft\Usage Agent\mgsusageag.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\ManageSoft\Schedule Agent\ndtask.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-11-28 22:47:45 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-28 21:47:41
ComboFix2.txt  2008-11-26 14:51:02

Pre-Run: 63,064,301,568 bytes free
Post-Run: 63,055,650,816 bytes free

397

[Sven_]

Hier das aktuelle hjthis logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52, on 2008-11-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe
C:\Program Files\Videoload Manager\ContentManager.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Hewlett-Packard\CM\Agent\radexecd.exe
C:\Program Files\Hewlett-Packard\CM\Agent\radsched.exe
C:\Program Files\Hewlett-Packard\CM\Agent\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Agilent\adci\adcist.exe
C:\Program Files\MessageLabs\POD36\mlpod36.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\eRoom 7\ERClient7.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.agilent.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.agilent.com;localhost;127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [LAAM] C:\Agilent\bin\runit C:\Agilent\bin\s_user.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
O4 - HKLM\..\Run: [CCDoctorLogonTesting] "C:\Program Files\Rational\ClearCase\bin\ccdoctor.exe" /LogonStartup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [!AUMStatus] C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [adcist.exe] c:\Agilent\adci\adcist.exe
O4 - HKCU\..\Run: [POD3.6] C:\Program Files\MessageLabs\POD36\mlpod36.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://be.agilent.com
O15 - Trusted Zone: http://www.gamesload.de
O15 - Trusted Zone: http://www.videoload.de
O15 - Trusted Zone: http://*.videoload.de
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207749955605
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://eroom.service.agilent.com/eRoomSetup/client.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207749937348
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {B1D475FE-75CD-11D2-8301-0060B0B32E16} (ImpPKCS12 Class) - https://digitalbadge.it.agilent.com/vsimport.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://bbnsslvpn.net.europe.agilent.com/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = germany.agilent.com
O17 - HKLM\Software\..\Telephony: DomainName = germany.agilent.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DA5D815-9B42-4C0F-BC33-7B7CE751B6BD}: NameServer = 129.248.176.4,192.25.22.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = germany.agilent.com
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
O20 - AppInit_DLLs: PGPmapih.dll
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Atria Location Broker (Albd) - IBM Corporation - C:\Program Files\Rational\ClearCase\bin\albd_server.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP OpenView CM Application Usage Manager Agent Service (AUMService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Rational Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Content Management Service (ContentMgrService) - ACE GmbH - C:\Program Files\Videoload Manager\ContentManager.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Rational Lock Manager (LockMgr) - IBM Corporation - C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\Agent\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\Agent\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\Agent\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 15215 bytes

Hier das hjitscanlist mit option 2 logfile:

Code:

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows XP [Version 5.1.2600]
 
 
C:

C:\WINDOWS 
C:\ComboFix.txt 
C:\Qoobox 
C:\hiberfil.sys 
C:\pagefile.sys 
C:\programme 
C:\SDFix 
C:\Temp 
C:\Documents and Settings 
C:\programm_download 
C:\Config.Msi 
C:\System Volume Information 
C:\fixwareout 
C:\Program Files 
C:\boot.ini 
C:\mvfslogs 
C:\downloads 
C:\publishedWebs 
C:\HP 
C:\MappedFiles 
C:\KanbanKistenRechner 
C:\test.zft 
C:\ntldr 
C:\Intel 
C:\SWSetup 
C:\Technische Dokumentationen 
C:\Pictures 
C:\Projekte 
C:\ATI 
C:\MSOCache 
C:\Agilent 
C:\test.lwl 
C:\CoCreate 
C:\Win2PDF_280_flag.txt 
C:\viewstore 
C:\OldDesktop 
C:\Inetpub 
C:\Visual Basic 
C:\usb 
C:\Six Sigma Green Belt Materials Course 
C:\Presentations 
C:\Music 
C:\Icons 
C:\Books 
C:\aspnet_client 
C:\setaid2.log 
C:\litstat 
C:\vncviewer.exe 
C:\i386 
C:\IO.SYS 
C:\CONFIG.SYS 
C:\AUTOEXEC.BAT 
C:\MSDOS.SYS 
C:\AbortSymantecScan.bat 
C:\SSEUtil.exe 
C:\ReadMe.htm 
C:\NTDETECT.COM 
----------------------------------------

 
C:\WINDOWS

C:\WINDOWS\system.ini 
C:\WINDOWS\0.log 
C:\WINDOWS\wiadebug.log 
C:\WINDOWS\wiaservc.log 
C:\WINDOWS\bootstat.dat 
C:\WINDOWS\WindowsUpdate.log 
C:\WINDOWS\SchedLgU.Txt 
C:\WINDOWS\hpbafd.ini 
C:\WINDOWS\ntbtlog.txt 
C:\WINDOWS\ntdtcsetup.log 
C:\WINDOWS\tsoc.log 
C:\WINDOWS\iis6.log 
C:\WINDOWS\comsetup.log 
C:\WINDOWS\imsins.log 
C:\WINDOWS\ocmsn.log 
C:\WINDOWS\tabletoc.log 
C:\WINDOWS\KB957097.log 
C:\WINDOWS\netfxocm.log 
C:\WINDOWS\ocgen.log 
C:\WINDOWS\MedCtrOC.log 
C:\WINDOWS\msgsocm.log 
C:\WINDOWS\FaxSetup.log 
C:\WINDOWS\msmqinst.log 
C:\WINDOWS\imsins.BAK 
C:\WINDOWS\KB954459.log 
C:\WINDOWS\KB955069.log 
C:\WINDOWS\updspapi.log 
C:\WINDOWS\msxml4-KB954430-enu.LOG 
C:\WINDOWS\setupapi.log 
C:\WINDOWS\win.ini 
C:\WINDOWS\DHCPUPG.LOG 
C:\WINDOWS\WINNT32.LOG 
C:\WINDOWS\setupact.log 
C:\WINDOWS\spupdsvc.log 
C:\WINDOWS\spupdsvc.log.1.log 
C:\WINDOWS\KB958644.log 
C:\WINDOWS\KB956390-IE7.log 
C:\WINDOWS\KB957095.log 
C:\WINDOWS\KB956841.log 
C:\WINDOWS\KB956803.log 
C:\WINDOWS\KB956391.log 
C:\WINDOWS\KB953155.log 
C:\WINDOWS\KB954211.log 
C:\WINDOWS\WgaNotify.log 
C:\WINDOWS\KB952287.log 
C:\WINDOWS\KB929399.log 
C:\WINDOWS\KB939683.log 
C:\WINDOWS\KB951978.log 
C:\WINDOWS\wmsetup.log 
C:\WINDOWS\DirectX.log 
C:\WINDOWS\pcvcdbr.INI 
C:\WINDOWS\pcvcdvw.INI 
C:\WINDOWS\KB938464.log 
C:\WINDOWS\KB954154.log 
C:\WINDOWS\DtcInstall.log 
C:\WINDOWS\OEWABLog.txt 
C:\WINDOWS\setuplog.txt 
C:\WINDOWS\svcpack.log 
C:\WINDOWS\KB952954.log 
C:\WINDOWS\KB951748.log 
C:\WINDOWS\KB951698.log 
C:\WINDOWS\KB951376-v2.log 
C:\WINDOWS\KB951376.log 
C:\WINDOWS\KB951072-v2.log 
C:\WINDOWS\KB951066.log 
C:\WINDOWS\KB950974.log 
C:\WINDOWS\KB950762.log 
C:\WINDOWS\KB946648.log 
C:\WINDOWS\cmsetacl.log 
C:\WINDOWS\sessmgr.setup.log 
C:\WINDOWS\KB898461.log 
C:\WINDOWS\KB892130.log 
C:\WINDOWS\KB953838-IE7.log 
C:\WINDOWS\KB888111.log 
C:\WINDOWS\SMinstall.log 
C:\WINDOWS\atiogl.xml 
C:\WINDOWS\KB941569.log 
C:\WINDOWS\ModemLog_Soft Data Fax Modem with SmartCP.txt 
C:\WINDOWS\KB936782.log 
C:\WINDOWS\setupapi.log.0.old 
C:\WINDOWS\HideWin.exe 
C:\WINDOWS\SMWizard.INI 
C:\WINDOWS\wmsetup10.log 
C:\WINDOWS\KB926239.log 
C:\WINDOWS\MSCompPackV1.log 
C:\WINDOWS\wmp11.log 
C:\WINDOWS\WMFDist11.log 
C:\WINDOWS\WMSysPr9.prx 
C:\WINDOWS\Wudf01000Inst.log 
C:\WINDOWS\Thumbs.db 
C:\WINDOWS\minitab.ini 
C:\WINDOWS\KB950759-IE7.log 
C:\WINDOWS\KB950760.log 
C:\WINDOWS\ativpsrm.bin 
C:\WINDOWS\KB945553.log 
C:\WINDOWS\KB948590.log 
C:\WINDOWS\KB948881.log 
C:\WINDOWS\KB947864-IE7.log 
C:\WINDOWS\KB941693.log 
C:\WINDOWS\KB950749.log 
C:\WINDOWS\KB901190.log 
C:\WINDOWS\saplogon.ini 
C:\WINDOWS\eRoomInstallationLog.txt 
C:\WINDOWS\iltwain.ini 
C:\WINDOWS\Addrfixr.ini 
C:\WINDOWS\KB939373.log 
C:\WINDOWS\KB942831.log 
C:\WINDOWS\KB942830.log 
C:\WINDOWS\eDrawingOfficeAutomator.INI 
C:\WINDOWS\winhlp32.exe 
C:\WINDOWS\slrundll.exe 
C:\WINDOWS\regedit.exe 
C:\WINDOWS\notepad.exe 
C:\WINDOWS\hh.exe 
C:\WINDOWS\explorer.exe 
C:\WINDOWS\twain_32.dll 
C:\WINDOWS\ODBC.INI 
C:\WINDOWS\COM+.log 
C:\WINDOWS\frontpg.ini 
C:\WINDOWS\KB938127-IE7.log 
C:\WINDOWS\KB944533-IE7.log 
C:\WINDOWS\msxml4-KB936181-enu.LOG 
C:\WINDOWS\msxml6-KB933579-enu-x86.LOG 
C:\WINDOWS\KB941568.log 
C:\WINDOWS\KB937894.log 
C:\WINDOWS\KB944653.log 
C:\WINDOWS\KB941644.log 
C:\WINDOWS\KB943485.log 
C:\WINDOWS\KB946026.log 
C:\WINDOWS\KB943055.log 
C:\WINDOWS\KB944533.log 
C:\WINDOWS\addcert.log 
C:\WINDOWS\KB942763.log 
C:\WINDOWS\setuperr.log 
C:\WINDOWS\regopt.log 
C:\WINDOWS\SAPDOCCD.INI 
C:\WINDOWS\smscfg.ini 
C:\WINDOWS\vpc32.INI 
C:\WINDOWS\AegisP.sys 
C:\WINDOWS\AegisP.inf 
C:\WINDOWS\AegisP.cat 
C:\WINDOWS\DPINST.LOG 
C:\WINDOWS\HPQLB.LOG 
C:\WINDOWS\Wdf01005Inst.log 
C:\WINDOWS\KB943460.log 
C:\WINDOWS\KB933729.log 
C:\WINDOWS\KB939653.log 
C:\WINDOWS\KB941202.log 
C:\WINDOWS\KB938127.log 
C:\WINDOWS\KB938829.log 
C:\WINDOWS\KB921503.log 
C:\WINDOWS\KB936021.log 
C:\WINDOWS\KB935839.log 
C:\WINDOWS\KB929123.log 
C:\WINDOWS\KB935840.log 
C:\WINDOWS\KB931784.log 
C:\WINDOWS\KB930178.log 
C:\WINDOWS\KB932168.log 
C:\WINDOWS\KB931261.log 
C:\WINDOWS\KB918118.log 
C:\WINDOWS\KB924667.log 
C:\WINDOWS\KB926436.log 
C:\WINDOWS\KB927779.log 
C:\WINDOWS\KB927802.log 
C:\WINDOWS\KB928255.log 
C:\WINDOWS\KB923689.log 
C:\WINDOWS\KB925398.log 
C:\WINDOWS\KB926255.log 
C:\WINDOWS\KB924270.log 
C:\WINDOWS\KB920213.log 
C:\WINDOWS\KB923980.log 
C:\WINDOWS\KB924496.log 
C:\WINDOWS\KB922819.log 
C:\WINDOWS\KB923414.log 
C:\WINDOWS\KB923191.log 
C:\WINDOWS\KB920685.log 
C:\WINDOWS\KB919007.log 
C:\WINDOWS\KB920670.log 
C:\WINDOWS\KB920683.log 
C:\WINDOWS\KB914388.log 
C:\WINDOWS\KB917953.log 
C:\WINDOWS\KB914389.log 
C:\WINDOWS\KB911280.log 
C:\WINDOWS\KB917344.log 
C:\WINDOWS\KB918439.log 
C:\WINDOWS\KB913580.log 
C:\WINDOWS\KB908531.log 
C:\WINDOWS\KB911562.log 
C:\WINDOWS\KB911927.log 
C:\WINDOWS\KB911564.log 
C:\WINDOWS\KB908519.log 
C:\WINDOWS\KB904706.log 
C:\WINDOWS\KB900725.log 
C:\WINDOWS\KB901017.log 
C:\WINDOWS\KB905749.log 
C:\WINDOWS\KB905414.log 
C:\WINDOWS\KB896423.log 
C:\WINDOWS\KB899587.log 
C:\WINDOWS\KB899591.log 
C:\WINDOWS\KB893756.log 
C:\WINDOWS\KB901214.log 
C:\WINDOWS\KB896428.log 
C:\WINDOWS\KB890046.log 
C:\WINDOWS\KB896358.log 
C:\WINDOWS\KB890859.log 
C:\WINDOWS\KB891781.log 
C:\WINDOWS\KB887472.log 
C:\WINDOWS\KB888302.log 
C:\WINDOWS\KB885835.log 
C:\WINDOWS\KB873339.log 
C:\WINDOWS\KB885836.log 
C:\WINDOWS\Sti_Trace.log 
C:\WINDOWS\KB935448.log 
C:\WINDOWS\KB925902.log 
C:\WINDOWS\KB933360.log 
C:\WINDOWS\Active Setup Log.txt 
C:\WINDOWS\KB893803v2.log 
C:\WINDOWS\xpsp1hfm.log 
C:\WINDOWS\wininit.ini 
C:\WINDOWS\log.log 
C:\WINDOWS\oobeact.log 
C:\WINDOWS\REGLOCS.OLD 
C:\WINDOWS\SynInst.log 
C:\WINDOWS\KB902400.log 
C:\WINDOWS\KB931760.log 
C:\WINDOWS\KB887742.log 
C:\WINDOWS\KB909095.log 
C:\WINDOWS\control.ini 
C:\WINDOWS\ODBCINST.INI 
C:\WINDOWS\WindowsShell.Manifest 
C:\WINDOWS\vbaddin.ini 
C:\WINDOWS\vb.ini 
C:\WINDOWS\SAPMSG.INI 
C:\WINDOWS\iwlanver.dll 
C:\WINDOWS\iwlandrvxpver.dll 
C:\WINDOWS\HPModemVersion.dll 
C:\WINDOWS\HPNICVersion.dll 
C:\WINDOWS\003083_.tmp 
C:\WINDOWS\DLA.EXE 
C:\WINDOWS\slmlogo.bmp 
C:\WINDOWS\uninsqvp.exe 
C:\WINDOWS\qvphook.dll 
C:\WINDOWS\IsUninst.exe 
C:\WINDOWS\Gone Fishing.bmp 
C:\WINDOWS\twunk_32.exe 
C:\WINDOWS\Greenstone.bmp 
C:\WINDOWS\Prairie Wind.bmp 
C:\WINDOWS\River Sumida.bmp 
C:\WINDOWS\twunk_16.exe 
C:\WINDOWS\FeatherTexture.bmp 
C:\WINDOWS\Blue Lace 16.bmp 
C:\WINDOWS\vmmreg32.dll 
C:\WINDOWS\Zapotec.bmp 
C:\WINDOWS\Rhododendron.bmp 
C:\WINDOWS\explorer.scf 
C:\WINDOWS\Santa Fe Stucco.bmp 
C:\WINDOWS\twain.dll 
C:\WINDOWS\desktop.ini 
C:\WINDOWS\Soap Bubbles.bmp 
C:\WINDOWS\TASKMAN.EXE 
C:\WINDOWS\winhelp.exe 
C:\WINDOWS\Coffee Bean.bmp 
C:\WINDOWS\msdfmap.ini 
C:\WINDOWS\winnt.bmp 
C:\WINDOWS\winnt256.bmp 
C:\WINDOWS\clock.avi 
C:\WINDOWS\_default.pif 
C:\WINDOWS\fdsv.exe 
C:\WINDOWS\grep.exe 
C:\WINDOWS\SWXCACLS.exe 
C:\WINDOWS\SWSC.exe 
C:\WINDOWS\SWREG.exe 
C:\WINDOWS\sed.exe 
C:\WINDOWS\NIRCMD.exe 
C:\WINDOWS\zip.exe 
C:\WINDOWS\VFIND.exe 
----------------------------------------

 
C:\WINDOWS\System

C:\WINDOWS\System\winspool.drv 
C:\WINDOWS\System\MMSYSTEM.DLL 
C:\WINDOWS\System\KEYBOARD.DRV 
C:\WINDOWS\System\LZEXPAND.DLL 
C:\WINDOWS\System\MCIAVI.DRV 
C:\WINDOWS\System\MCISEQ.DRV 
C:\WINDOWS\System\MCIWAVE.DRV 
C:\WINDOWS\System\COMMDLG.DLL 
C:\WINDOWS\System\AVIFILE.DLL 
C:\WINDOWS\System\MMTASK.TSK 
C:\WINDOWS\System\MOUSE.DRV 
C:\WINDOWS\System\AVICAP.DLL 
C:\WINDOWS\System\OLECLI.DLL 
C:\WINDOWS\System\OLESVR.DLL 
C:\WINDOWS\System\setup.inf 
C:\WINDOWS\System\SHELL.DLL 
C:\WINDOWS\System\SOUND.DRV 
C:\WINDOWS\System\stdole.tlb 
C:\WINDOWS\System\SYSTEM.DRV 
C:\WINDOWS\System\TAPI.DLL 
C:\WINDOWS\System\TIMER.DRV 
C:\WINDOWS\System\VER.DLL 
C:\WINDOWS\System\VGA.DRV 
C:\WINDOWS\System\WFWNET.DRV 
C:\WINDOWS\System\MSVIDEO.DLL 
----------------------------------------

 
C:\WINDOWS\System32

C:\WINDOWS\system32\CatRoot2 
C:\WINDOWS\system32\inetsrv 
C:\WINDOWS\system32\wpa.dbl 
C:\WINDOWS\system32\log.txt 
C:\WINDOWS\system32\ativvaxx.cap 
C:\WINDOWS\system32\drivers 
C:\WINDOWS\system32\config 
C:\WINDOWS\system32\PnkBstrB.exe 
C:\WINDOWS\system32\dllcache 
C:\WINDOWS\system32\Restore 
C:\WINDOWS\system32\DirectX 
C:\WINDOWS\system32\pbsvc.exe 
C:\WINDOWS\system32\d3d9caps.dat 
C:\WINDOWS\system32\perfh009.dat 
C:\WINDOWS\system32\perfc009.dat 
C:\WINDOWS\system32\PerfStringBackup.INI 
C:\WINDOWS\system32\PGPlspRollback.reg 
C:\WINDOWS\system32\CmdLineExt.dll 
C:\WINDOWS\system32\FNTCACHE.DAT 
C:\WINDOWS\system32\1033 
C:\WINDOWS\system32\pci 
C:\WINDOWS\system32\EV19 
C:\WINDOWS\system32\am2 
C:\WINDOWS\system32\CAE 
C:\WINDOWS\system32\Logfiles 
C:\WINDOWS\system32\PnkBstrA.exe 
C:\WINDOWS\system32\netapi32.dll 
C:\WINDOWS\system32\MRT.exe 
C:\WINDOWS\system32\ieframe.dll 
C:\WINDOWS\system32\wrap_oal.dll 
C:\WINDOWS\system32\OpenAL32.dll 
C:\WINDOWS\system32\msxml4.dll 
C:\WINDOWS\system32\ATIDEMGX.dll 
C:\WINDOWS\system32\ati2dvag.dll 
C:\WINDOWS\system32\atioglxx.dll 
C:\WINDOWS\system32\atipdlxx.dll 
C:\WINDOWS\system32\Oemdspif.dll 
C:\WINDOWS\system32\Ati2mdxx.exe 
C:\WINDOWS\system32\ati2edxx.dll 
C:\WINDOWS\system32\ati2evxx.dll 
C:\WINDOWS\system32\ati2evxx.exe 
C:\WINDOWS\system32\ATIDDC.DLL 
C:\WINDOWS\system32\atiiiexx.dll 
C:\WINDOWS\system32\ati3duag.dll 
C:\WINDOWS\system32\ativvaxx.dll 
C:\WINDOWS\system32\ativvaxx.dat 
C:\WINDOWS\system32\ativva5x.dat 
C:\WINDOWS\system32\ativva6x.dat 
C:\WINDOWS\system32\amdpcom32.dll 
C:\WINDOWS\system32\atikvmag.dll 
C:\WINDOWS\system32\atiadlxx.dll 
C:\WINDOWS\system32\atitvo32.dll 
C:\WINDOWS\system32\atiok3x2.dll 
C:\WINDOWS\system32\ati2cqag.dll 
C:\WINDOWS\system32\ati2sgag.exe 
C:\WINDOWS\system32\CatRoot 
C:\WINDOWS\system32\atiicdxx.dat 
C:\WINDOWS\system32\win32k.sys 
C:\WINDOWS\system32\appmgmt 
C:\WINDOWS\system32\msxml6.dll 
C:\WINDOWS\system32\WgaLogon.dll 
C:\WINDOWS\system32\LegitCheckControl.dll 
C:\WINDOWS\system32\WgaTray.exe 
C:\WINDOWS\system32\msxml3.dll 
C:\WINDOWS\system32\spupdwxp.log 
C:\WINDOWS\system32\Setup 
C:\WINDOWS\system32\wbem 
C:\WINDOWS\system32\en-US 
C:\WINDOWS\system32\usmt 
C:\WINDOWS\system32\scripting 
C:\WINDOWS\system32\en 
C:\WINDOWS\system32\bits 
C:\WINDOWS\system32\npp 
C:\WINDOWS\system32\Com 
C:\WINDOWS\system32\oobe 
C:\WINDOWS\system32\msw3prt.dll 
C:\WINDOWS\system32\win32spl.dll 
C:\WINDOWS\system32\PreInstall 
C:\WINDOWS\system32\mshtml.dll 
C:\WINDOWS\system32\urlmon.dll 
C:\WINDOWS\system32\webcheck.dll 
C:\WINDOWS\system32\wininet.dll 
C:\WINDOWS\system32\mstime.dll 
C:\WINDOWS\system32\msfeedsbs.dll 
C:\WINDOWS\system32\msfeeds.dll 
C:\WINDOWS\system32\url.dll 
C:\WINDOWS\system32\occache.dll 
C:\WINDOWS\system32\mshtmled.dll 
C:\WINDOWS\system32\msrating.dll 
C:\WINDOWS\system32\inetcpl.cpl 
C:\WINDOWS\system32\pngfilt.dll 
C:\WINDOWS\system32\jsproxy.dll 
C:\WINDOWS\system32\iertutil.dll 
C:\WINDOWS\system32\iernonce.dll 
C:\WINDOWS\system32\iedkcs32.dll 
C:\WINDOWS\system32\ieakeng.dll 
C:\WINDOWS\system32\extmgr.dll 
C:\WINDOWS\system32\ieaksie.dll 
C:\WINDOWS\system32\advpack.dll 
C:\WINDOWS\system32\icardie.dll 
----------------------------------------

 
C:\WINDOWS\Prefetch

C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf 
C:\WINDOWS\Prefetch\WINZIP32.EXE-335422C1.pf 
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf 
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-34A0FC79.pf 
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf 
C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf 
C:\WINDOWS\Prefetch\NIRCMD.COM-323C21EC.pf 
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf 
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 
C:\WINDOWS\Prefetch\PV.CFEXE-0E6F2701.pf 
C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf 
C:\WINDOWS\Prefetch\NDUPLOAD.EXE-1FF26AAF.pf 
C:\WINDOWS\Prefetch\NIRCMD.CFEXE-19FF4781.pf 
C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf 
C:\WINDOWS\Prefetch\CF9321.EXE-29799B9D.pf 
C:\WINDOWS\Prefetch\SWREG.CFEXE-2BF4FFCD.pf 
C:\WINDOWS\Prefetch\SED.CFEXE-268D7E58.pf 
C:\WINDOWS\Prefetch\FINDSTR.CFEXE-38519B93.pf 
C:\WINDOWS\Prefetch\GREP.CFEXE-20443039.pf 
C:\WINDOWS\Prefetch\PGPFSD.EXE-078D4B3F.pf 
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf 
C:\WINDOWS\Prefetch\NDTRACK.EXE-2AC23926.pf 
C:\WINDOWS\Prefetch\CCC.EXE-2F1AF7F1.pf 
C:\WINDOWS\Prefetch\NDSENS.EXE-1BE7EE9A.pf 
C:\WINDOWS\Prefetch\MGSUSAGEAG.EXE-005CB8F3.pf 
C:\WINDOWS\Prefetch\MOBSYNC.EXE-173EDCEF.pf 
C:\WINDOWS\Prefetch\DOT1XCFG.EXE-087CDE23.pf 
C:\WINDOWS\Prefetch\PGPTRAY.EXE-1B2A2F0C.pf 
C:\WINDOWS\Prefetch\ERCLIENT7.EXE-2959D488.pf 
C:\WINDOWS\Prefetch\MOM.EXE-33A6BD58.pf 
C:\WINDOWS\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf 
C:\WINDOWS\Prefetch\MLPOD36.EXE-34144FD7.pf 
C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 
C:\WINDOWS\Prefetch\SMAX4PNP.EXE-381239AF.pf 
C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf 
C:\WINDOWS\Prefetch\HPQTOASTER.EXE-33D4AB00.pf 
C:\WINDOWS\Prefetch\CLISTART.EXE-315E0C43.pf 
C:\WINDOWS\Prefetch\ADCIST.EXE-2F8AFA74.pf 
C:\WINDOWS\Prefetch\QLBPRES.EXE-34B537FB.pf 
C:\WINDOWS\Prefetch\ZCFGSVC.EXE-1A56EA85.pf 
C:\WINDOWS\Prefetch\IFRMEWRK.EXE-0618C85D.pf 
C:\WINDOWS\Prefetch\NDTASK.EXE-20A315FC.pf 
C:\WINDOWS\Prefetch\CCDOCTOR.EXE-2CB6E508.pf 
C:\WINDOWS\Prefetch\SMC.EXE-2E09B9F3.pf 
C:\WINDOWS\Prefetch\HPWAMAIN.EXE-1BDCDD0D.pf 
C:\WINDOWS\Prefetch\AEXAGENTACTIVATE.EXE-0E49AC9B.pf 
C:\WINDOWS\Prefetch\S_USER.EXE-2942424B.pf 
C:\WINDOWS\Prefetch\CCAPP.EXE-1207B2A5.pf 
C:\WINDOWS\Prefetch\RUNIT.EXE-1A494A63.pf 
C:\WINDOWS\Prefetch\ADCIUS.EXE-1F25FF84.pf 
C:\WINDOWS\Prefetch\NDSCHEDAG.EXE-176CE058.pf 
C:\WINDOWS\Prefetch\QLBCTRL.EXE-0325C50A.pf 
C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf 
C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf 
C:\WINDOWS\Prefetch\SYNTPENH.EXE-315D3ABC.pf 
C:\WINDOWS\Prefetch\ATCHK.EXE-2DA7F26A.pf 
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf 
C:\WINDOWS\Prefetch\SYNTPSTART.EXE-25038CFE.pf 
C:\WINDOWS\Prefetch\ATTRIB.CFEXE-07A4D3CF.pf 
C:\WINDOWS\Prefetch\NPLOGON.EXE-088B742D.pf 
C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf 
C:\WINDOWS\Prefetch\IPASSPERIODICUPDATEAPP.EXE-0F28E41D.pf 
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf 
C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf 
C:\WINDOWS\Prefetch\HPQWMIEX.EXE-1982D280.pf 
C:\WINDOWS\Prefetch\UNS.EXE-24FF2AAB.pf 
C:\WINDOWS\Prefetch\SQLWRITER.EXE-0050A6DE.pf 
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf 
C:\WINDOWS\Prefetch\COMBOFIX-DOWNLOAD.EXE-019F7CBB.pf 
C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf 
C:\WINDOWS\Prefetch\WRP.CFEXE-216127FC.pf 
C:\WINDOWS\Prefetch\HIDEC.EXE-3B166DB3.pf 
C:\WINDOWS\Prefetch\CMD.EXECF-27E83661.pf 
C:\WINDOWS\Prefetch\GREP.CFEXE-273BC5E1.pf 
C:\WINDOWS\Prefetch\SED.CFEXE-238FCCA6.pf 
C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf 
C:\WINDOWS\Prefetch\NIRCMD.CFEXE-0E3F4BC2.pf 
C:\WINDOWS\Prefetch\PV.CFEXE-23E4A9A0.pf 
C:\WINDOWS\Prefetch\COMBOFIX.EXE-113D1A23.pf 
C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf 
C:\WINDOWS\Prefetch\NIRCMD.COM-10563DC3.pf 
C:\WINDOWS\Prefetch\GSAR.CFEXE-0E6FCB31.pf 
C:\WINDOWS\Prefetch\RUNDLL32.EXE-24FE0C44.pf 
C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf 
C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf 
C:\WINDOWS\Prefetch\CF9108.EXE-11728D3A.pf 
C:\WINDOWS\Prefetch\SWREG.EXE-0937BD77.pf 
C:\WINDOWS\Prefetch\Layout.ini 
C:\WINDOWS\Prefetch\WORDPAD.EXE-24533991.pf 
C:\WINDOWS\Prefetch\WSCRIPT.EXE-32960AB9.pf 
C:\WINDOWS\Prefetch\PBUPDATE.EXE-122A4B96.pf 
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf 
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf 
C:\WINDOWS\Prefetch\DWHWIZRD.EXE-2CC782A2.pf 
C:\WINDOWS\Prefetch\RADREXXW.EXE-2994791E.pf 
C:\WINDOWS\Prefetch\RADSTATE.EXE-36A9DD91.pf 
C:\WINDOWS\Prefetch\RADPNLWR.EXE-1754A35B.pf 
C:\WINDOWS\Prefetch\NVDKIT.EXE-22E073A8.pf 
C:\WINDOWS\Prefetch\HIDE.EXE-1E5316AF.pf 
C:\WINDOWS\Prefetch\RADPINIT.EXE-0900868D.pf 
C:\WINDOWS\Prefetch\RADCONCT.EXE-28D5DA4E.pf 
C:\WINDOWS\Prefetch\RADTRAY.EXE-0940593F.pf 
C:\WINDOWS\Prefetch\RADSKMAN.EXE-2FA225BE.pf 
C:\WINDOWS\Prefetch\OUTLOOK.EXE-39385AAC.pf 
C:\WINDOWS\Prefetch\PGPWDE.EXE-366E7F66.pf 
C:\WINDOWS\Prefetch\INVSEND.EXE-3A301943.pf 
C:\WINDOWS\Prefetch\ADCIUPD.EXE-0E4A1C9B.pf 
C:\WINDOWS\Prefetch\DSNETWORKCONNECT.EXE-246E563E.pf 
C:\WINDOWS\Prefetch\DSHOSTCHECKER.EXE-24C10BD7.pf 
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf 
C:\WINDOWS\Prefetch\SECURID.EXE-116BEA7C.pf 
C:\WINDOWS\Prefetch\NDSERV.EXE-04617BC7.pf 
C:\WINDOWS\Prefetch\NDLAUNCH.EXE-12AEB51C.pf 
C:\WINDOWS\Prefetch\PCOWNER.EXE-2EA3AD07.pf 
C:\WINDOWS\Prefetch\SMAX4.EXE-3ABA87F8.pf 
C:\WINDOWS\Prefetch\AUMSTATUS.EXE-1BAEF888.pf 
C:\WINDOWS\Prefetch\VPTRAY.EXE-2D128BA2.pf 
C:\WINDOWS\Prefetch\MPNOTIFY.EXE-3631A846.pf 
C:\WINDOWS\Prefetch\LUALL.EXE-2BCC229F.pf 
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf 
C:\WINDOWS\Prefetch\MGSPOLICY.EXE-26DA3CE1.pf 
C:\WINDOWS\Prefetch\PNKBSTRB.EXE-21412697.pf 
C:\WINDOWS\Prefetch\~E5.0001-0B3641BA.pf 
C:\WINDOWS\Prefetch\BF2.EXE-0133EEE4.pf 
C:\WINDOWS\Prefetch\VPTRAY.EXE-21252F09.pf 
C:\WINDOWS\Prefetch\ICON6560581611.EXE-229A9A02.pf 
C:\WINDOWS\Prefetch\RADSCHED.EXE-04F86B82.pf 
C:\WINDOWS\Prefetch\RADEXECD.EXE-1F9CE34A.pf 
C:\WINDOWS\Prefetch\RADSTGMS.EXE-14172802.pf 
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf 
----------------------------------------

 
C:\WINDOWS\Tasks

C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE68F7CF-6990-475B-BFBA-9F0A7D1A0599}.job 
C:\WINDOWS\Tasks\SA.DAT 
C:\WINDOWS\Tasks\desktop.ini 
----------------------------------------

 
C:\WINDOWS\Temp

C:\WINDOWS\Temp\14.tmp 
C:\WINDOWS\Temp\Perflib_Perfdata_930.dat 
C:\WINDOWS\Temp\atchksrv.log 
----------------------------------------

 
C:\DOCUME~1\sbuggerm\LOCALS~1\Temp

C:\DOCUME~1\sbuggerm\LOCALS~1\Temp\~DF7619.tmp
C:\DOCUME~1\sbuggerm\LOCALS~1\Temp\~DF2F5D.tmp
C:\DOCUME~1\sbuggerm\LOCALS~1\Temp\~DF2F50.tmp
----------------------------------------

 
C:\Program Files

----------------------------------------

 
C:\Documents and Settings\All Users\.. 

Default User    
sbuggerm.CNU8100KCV    
CNU8100KCV    
All Users    
sbuggerm    
cc-albd    
leotest    
LocalService    
Administrator    
NetworkService    
----------------------------------------

 
C:\WINDOWS\system32\drivers\etc\hosts


----------------------------------------



Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        256 K
smss.exe                    1692 Console                 0        388 K
csrss.exe                   1368 Console                 0      6,760 K
winlogon.exe                 236 Console                 0      4,740 K
services.exe                 744 Console                 0      3,696 K
lsass.exe                    760 Console                 0      4,332 K
ati2evxx.exe                1384 Console                 0      3,356 K
svchost.exe                 1488 Console                 0      5,248 K
svchost.exe                 1680 Console                 0      4,828 K
svchost.exe                 1968 Console                 0     27,840 K
btwdins.exe                 1992 Console                 0      3,196 K
ati2evxx.exe                 168 Console                 0      3,884 K
Smc.exe                      628 Console                 0     25,376 K
S24EvMon.exe                1200 Console                 0     12,704 K
svchost.exe                  836 Console                 0      3,548 K
svchost.exe                 1028 Console                 0      7,916 K
ccSetMgr.exe                1856 Console                 0      4,368 K
ccEvtMgr.exe                 608 Console                 0      3,000 K
SPBBCSvc.exe                1624 Console                 0      1,332 K
spoolsv.exe                 1832 Console                 0      6,864 K
AeXNSAgent.exe              1156 Console                 0      4,760 K
atchksrv.exe                1448 Console                 0      1,768 K
AUMService.exe               532 Console                 0      3,132 K
ContentManager.exe           696 Console                 0      2,548 K
DefWatch.exe                1180 Console                 0      5,044 K
dsNcService.exe             1424 Console                 0      3,024 K
EvtEng.exe                  1836 Console                 0     12,184 K
inetinfo.exe                 816 Console                 0     10,512 K
iPassPeriodicUpdateServic   1264 Console                 0      3,656 K
iviRegMgr.exe                428 Console                 0      2,200 K
LMS.exe                      476 Console                 0      1,980 K
mdm.exe                     2196 Console                 0      3,336 K
sqlservr.exe                2588 Console                 0      1,440 K
ndserv.exe                  3684 Console                 0      3,064 K
ndinit.exe                  1472 Console                 0      4,684 K
ndtask.exe                  2348 Console                 0      4,676 K
PGPserv.exe                 2352 Console                 0      6,952 K
PnkBstrA.exe                2460 Console                 0      2,412 K
radexecd.exe                2480 Console                 0      2,312 K
radsched.exe                2792 Console                 0      2,516 K
Radstgms.exe                2940 Console                 0      3,368 K
RegSrvc.exe                 3180 Console                 0      2,964 K
sqlbrowser.exe              3504 Console                 0      2,344 K
sqlwriter.exe               3632 Console                 0      3,504 K
svchost.exe                 3664 Console                 0      4,112 K
Rtvscan.exe                 3984 Console                 0     43,912 K
mgsusageag.exe              1292 Console                 0      8,984 K
UNS.exe                     3280 Console                 0      5,720 K
hpqwmiex.exe                1656 Console                 0      3,976 K
iPassPeriodicUpdateApp.ex   2648 Console                 0      8,152 K
alg.exe                     2312 Console                 0      3,680 K
wmiprvse.exe                3408 Console                 0      5,224 K
SynTPEnh.exe                2072 Console                 0      5,056 K
QLBCTRL.exe                 3704 Console                 0      5,812 K
ccApp.exe                   3452 Console                 0      6,196 K
VPTray.exe                  2108 Console                 0      8,248 K
ZCfgSvc.exe                 1864 Console                 0     13,884 K
iFrmewrk.exe                4024 Console                 0     17,832 K
HPWAMain.exe                2180 Console                 0      4,260 K
ndtask.exe                  3548 Console                 0      4,584 K
AUMStatus.exe               1740 Console                 0      2,244 K
HpqToaster.exe              2080 Console                 0      4,304 K
smax4pnp.exe                1936 Console                 0      4,416 K
adcist.exe                  2152 Console                 0      2,632 K
mlpod36.exe                 1860 Console                 0      8,112 K
ctfmon.exe                  2336 Console                 0      3,528 K
msmsgs.exe                  2920 Console                 0      2,444 K
MOM.exe                     2472 Console                 0      3,164 K
ERClient7.exe               5524 Console                 0      6,576 K
Dot1XCfg.exe                5696 Console                 0     15,216 K
CCC.exe                     5632 Console                 0      6,544 K
svchost.exe                 3020 Console                 0      3,404 K
explorer.exe                4972 Console                 0     24,580 K
notepad.exe                 6100 Console                 0      4,104 K
iexplore.exe                4632 Console                 0     58,316 K
HijackThis.exe              2560 Console                 0     12,796 K
cmd.exe                     5400 Console                 0      2,048 K
tasklist.exe                5768 Console                 0      4,452 K
wmiprvse.exe                4080 Console                 0      5,728 K

 
***** Ende des Scans 2008-11-28 um 22:54:31.98 ***

[Sven_]

Und zu guter letzt noch das logfile des Filetools. Der Ordner C:\WINDOWS\system32\I2 existiert auf meinem System nicht.

Code:

###########################
#Dateiliste vom 2008-11-28#
###########################

1. Spalte -> Pfad / Dateinamen
2. Spalte -> Dateigrösse


C:\WINDOWS\system32\1033 
=========================

C:\WINDOWS\system32\1033 \dwintl.dll                                  54.3 KB
C:\WINDOWS\system32\1033 \vsjitdebuggerui.dll                         8.5 KB


C:\WINDOWS\system32\am2
=======================

Keine Dateien vorhanden


C:\WINDOWS\system32\CAE 
========================

Keine Dateien vorhanden


C:\WINDOWS\system32\drivers 
============================

C:\WINDOWS\system32\drivers \1394bus.sys                              52.1 KB
C:\WINDOWS\system32\drivers \Accelerometer.sys                        21.5 KB
C:\WINDOWS\system32\drivers \acpi.sys                                 183.4 KB
C:\WINDOWS\system32\drivers \acpiec.sys                               11.4 KB
C:\WINDOWS\system32\drivers \ADIHdAud.sys                             283 KB
C:\WINDOWS\system32\drivers \adv01nt5.dll                             4.2 KB
C:\WINDOWS\system32\drivers \adv02nt5.dll                             3.9 KB
C:\WINDOWS\system32\drivers \adv05nt5.dll                             3.5 KB
C:\WINDOWS\system32\drivers \adv07nt5.dll                             3.6 KB
C:\WINDOWS\system32\drivers \adv08nt5.dll                             3.1 KB
C:\WINDOWS\system32\drivers \adv09nt5.dll                             3.6 KB
C:\WINDOWS\system32\drivers \adv11nt5.dll                             3.7 KB
C:\WINDOWS\system32\drivers \aeaudio.sys                              91.8 KB
C:\WINDOWS\system32\drivers \aec.sys                                  139.2 KB
C:\WINDOWS\system32\drivers \AegisP.sys                               20.9 KB
C:\WINDOWS\system32\drivers \afd.sys                                  135.2 KB
C:\WINDOWS\system32\drivers \agp440.sys                               41.4 KB
C:\WINDOWS\system32\drivers \agpcpq.sys                               43.9 KB
C:\WINDOWS\system32\drivers \alim1541.sys                             41.8 KB
C:\WINDOWS\system32\drivers \amdagp.sys                               42 KB
C:\WINDOWS\system32\drivers \amdk6.sys                                36.5 KB
C:\WINDOWS\system32\drivers \amdk7.sys                                36.9 KB
C:\WINDOWS\system32\drivers \arp1394.sys                              59.4 KB
C:\WINDOWS\system32\drivers \asyncmac.sys                             14 KB
C:\WINDOWS\system32\drivers \atapi.sys                                94.2 KB
C:\WINDOWS\system32\drivers \ati1btxx.sys                             55.3 KB
C:\WINDOWS\system32\drivers \ati1mdxx.sys                             11.3 KB
C:\WINDOWS\system32\drivers \ati1pdxx.sys                             11.8 KB
C:\WINDOWS\system32\drivers \ati1raxx.sys                             30 KB
C:\WINDOWS\system32\drivers \ati1rvxx.sys                             62.2 KB
C:\WINDOWS\system32\drivers \ati1snxx.sys                             25.7 KB
C:\WINDOWS\system32\drivers \ati1ttxx.sys                             20.8 KB
C:\WINDOWS\system32\drivers \ati1tuxx.sys                             35.6 KB
C:\WINDOWS\system32\drivers \ati1xbxx.sys                             28.8 KB
C:\WINDOWS\system32\drivers \ati1xsxx.sys                             33.9 KB
C:\WINDOWS\system32\drivers \ati2erec.dll                             52 KB
C:\WINDOWS\system32\drivers \ati2mtaa.sys                             319.4 KB
C:\WINDOWS\system32\drivers \ati2mtag.sys                             3.2 MB
C:\WINDOWS\system32\drivers \AtiHdAud.sys                             83 KB
C:\WINDOWS\system32\drivers \AtiHdmi.sys                              91.5 KB
C:\WINDOWS\system32\drivers \atinbtxx.sys                             56.5 KB
C:\WINDOWS\system32\drivers \atinmdxx.sys                             13.5 KB
C:\WINDOWS\system32\drivers \atinpdxx.sys                             14 KB
C:\WINDOWS\system32\drivers \atinraxx.sys                             51 KB
C:\WINDOWS\system32\drivers \atinrvxx.sys                             102.5 KB
C:\WINDOWS\system32\drivers \atinsnxx.sys                             28 KB
C:\WINDOWS\system32\drivers \atinttxx.sys                             13.5 KB
C:\WINDOWS\system32\drivers \atintuxx.sys                             71.5 KB
C:\WINDOWS\system32\drivers \atinxbxx.sys                             31 KB
C:\WINDOWS\system32\drivers \atinxsxx.sys                             62 KB
C:\WINDOWS\system32\drivers \ativcaxx.cpa                             1.3 MB
C:\WINDOWS\system32\drivers \ativcaxx.vp                              929 Bytes
C:\WINDOWS\system32\drivers \ativckxx.vp                              2 KB
C:\WINDOWS\system32\drivers \ativdkxx.vp                              2 KB
C:\WINDOWS\system32\drivers \ativmc20.cod                             62.8 KB
C:\WINDOWS\system32\drivers \ativvpxx.vp                              43.3 KB
C:\WINDOWS\system32\drivers \atksgt.sys                               272.2 KB
C:\WINDOWS\system32\drivers \atmarpc.sys                              58.5 KB
C:\WINDOWS\system32\drivers \atmepvc.sys                              30.6 KB
C:\WINDOWS\system32\drivers \atmlane.sys                              54.5 KB
C:\WINDOWS\system32\drivers \atmuni.sys                               344 KB
C:\WINDOWS\system32\drivers \atswpdrv.sys                             143.4 KB
C:\WINDOWS\system32\drivers \atv01nt5.dll                             20.7 KB
C:\WINDOWS\system32\drivers \atv02nt5.dll                             11.1 KB
C:\WINDOWS\system32\drivers \atv04nt5.dll                             24.9 KB
C:\WINDOWS\system32\drivers \atv06nt5.dll                             13.8 KB
C:\WINDOWS\system32\drivers \atv10nt5.dll                             16.9 KB
C:\WINDOWS\system32\drivers \audstub.sys                              3 KB
C:\WINDOWS\system32\drivers \battc.sys                                13.9 KB
C:\WINDOWS\system32\drivers \beep.sys                                 4.1 KB
C:\WINDOWS\system32\drivers \bridge.sys                               69.9 KB
C:\WINDOWS\system32\drivers \btaudio.sys                              518.4 KB
C:\WINDOWS\system32\drivers \bthenum.sys                              16.6 KB
C:\WINDOWS\system32\drivers \bthmodem.sys                             37 KB
C:\WINDOWS\system32\drivers \bthpan.sys                               98.8 KB
C:\WINDOWS\system32\drivers \bthport.sys                              265.8 KB
C:\WINDOWS\system32\drivers \bthprint.sys                             35.6 KB
C:\WINDOWS\system32\drivers \bthusb.sys                               18.5 KB
C:\WINDOWS\system32\drivers \btkrnl.sys                               847.9 KB
C:\WINDOWS\system32\drivers \btport.sys                               29.7 KB
C:\WINDOWS\system32\drivers \btwusb.sys                               66.4 KB
C:\WINDOWS\system32\drivers \cbidf2k.sys                              13.6 KB
C:\WINDOWS\system32\drivers \cdaudio.sys                              18.2 KB
C:\WINDOWS\system32\drivers \cdfs.sys                                 62.2 KB
C:\WINDOWS\system32\drivers \cdr4_xp.sys                              2.4 KB
C:\WINDOWS\system32\drivers \cdralw2k.sys                             2.5 KB
C:\WINDOWS\system32\drivers \cdrom.sys                                61.5 KB
C:\WINDOWS\system32\drivers \ch7xxnt5.dll                             15.1 KB
C:\WINDOWS\system32\drivers \cinemst2.sys                             256.4 KB
C:\WINDOWS\system32\drivers \classpnp.sys                             48.4 KB
C:\WINDOWS\system32\drivers \cmbatt.sys                               13.6 KB
C:\WINDOWS\system32\drivers \compbatt.sys                             10 KB
C:\WINDOWS\system32\drivers \CPQBttn.sys                              9.2 KB
C:\WINDOWS\system32\drivers \cpqdap01.sys                             11.5 KB
C:\WINDOWS\system32\drivers \crusoe.sys                               35.9 KB
C:\WINDOWS\system32\drivers \cxthsfs2.cty                             126 KB
C:\WINDOWS\system32\drivers \disk.sys                                 35.5 KB
C:\WINDOWS\system32\drivers \diskdump.sys                             13.9 KB
C:\WINDOWS\system32\drivers \DLACDBHM.SYS                             12.6 KB
C:\WINDOWS\system32\drivers \DLARTL_M.SYS                             27.5 KB
C:\WINDOWS\system32\drivers \dmboot.sys                               781 KB
C:\WINDOWS\system32\drivers \dmio.sys                                 149.8 KB
C:\WINDOWS\system32\drivers \dmload.sys                               5.8 KB
C:\WINDOWS\system32\drivers \dmusic.sys                               51.6 KB
C:\WINDOWS\system32\drivers \drmk.sys                                 58.8 KB
C:\WINDOWS\system32\drivers \drmkaud.sys                              2.9 KB
C:\WINDOWS\system32\drivers \DRVMCDB.SYS                              96.9 KB
C:\WINDOWS\system32\drivers \DRVNDDM.SYS                              50.6 KB
C:\WINDOWS\system32\drivers \dsNcAdpt.sys                             23 KB
C:\WINDOWS\system32\drivers \dxapi.sys                                10.2 KB
C:\WINDOWS\system32\drivers \dxg.sys                                  69.5 KB
C:\WINDOWS\system32\drivers \dxgthk.sys                               3.2 KB
C:\WINDOWS\system32\drivers \e1e5132.sys                              244.9 KB
C:\WINDOWS\system32\drivers \eacfilt.sys                              10.9 KB
C:\WINDOWS\system32\drivers \enum1394.sys                             6.2 KB
C:\WINDOWS\system32\drivers \fastfat.sys                              140.4 KB
C:\WINDOWS\system32\drivers \fdc.sys                                  26.8 KB
C:\WINDOWS\system32\drivers \fips.sys                                 43.5 KB
C:\WINDOWS\system32\drivers \flpydisk.sys                             20 KB
C:\WINDOWS\system32\drivers \fltmgr.sys                               126.8 KB
C:\WINDOWS\system32\drivers \fsvga.sys                                11.9 KB
C:\WINDOWS\system32\drivers \fs_rec.sys                               7.8 KB
C:\WINDOWS\system32\drivers \ftdisk.sys                               122.1 KB
C:\WINDOWS\system32\drivers \gagp30kx.sys                             45.4 KB
C:\WINDOWS\system32\drivers \gm.dls                                   3.3 MB
C:\WINDOWS\system32\drivers \gmreadme.txt                             646 Bytes
C:\WINDOWS\system32\drivers \hdaudbus.sys                             141 KB
C:\WINDOWS\system32\drivers \Hdaudio.sys                              142.5 KB
C:\WINDOWS\system32\drivers \hidbth.sys                               25 KB
C:\WINDOWS\system32\drivers \hidclass.sys                             36 KB
C:\WINDOWS\system32\drivers \hidir.sys                                18.8 KB
C:\WINDOWS\system32\drivers \hidparse.sys                             24.4 KB
C:\WINDOWS\system32\drivers \hidusb.sys                               10.1 KB
C:\WINDOWS\system32\drivers \HP24X.sys                                34.2 KB
C:\WINDOWS\system32\drivers \HPAUMDriver.sys                          6.6 KB
C:\WINDOWS\system32\drivers \hpdskflt.sys                             17.5 KB
C:\WINDOWS\system32\drivers \HpqKbFiltr.sys                           16.4 KB
C:\WINDOWS\system32\drivers \hsfbs2s2.sys                             214.9 KB
C:\WINDOWS\system32\drivers \hsfcxts2.sys                             669 KB
C:\WINDOWS\system32\drivers \hsfdpsp2.sys                             1017.1 KB
C:\WINDOWS\system32\drivers \HSFHWAZL.sys                             205.9 KB
C:\WINDOWS\system32\drivers \HSFProf.cty                              140.5 KB
C:\WINDOWS\system32\drivers \HSF_CNXT.sys                             714 KB
C:\WINDOWS\system32\drivers \HSF_DPV.sys                              964.9 KB
C:\WINDOWS\system32\drivers \http.sys                                 258.6 KB
C:\WINDOWS\system32\drivers \i8042prt.sys                             51.2 KB
C:\WINDOWS\system32\drivers \iaStor.sys                               297.8 KB
C:\WINDOWS\system32\drivers \ifxtpm.sys                               40.2 KB
C:\WINDOWS\system32\drivers \imapi.sys                                41.1 KB
C:\WINDOWS\system32\drivers \intelppm.sys                             35.5 KB
C:\WINDOWS\system32\drivers \ip6fw.sys                                35.8 KB
C:\WINDOWS\system32\drivers \iPassP.sys                               20.9 KB
C:\WINDOWS\system32\drivers \ipfltdrv.sys                             32.1 KB
C:\WINDOWS\system32\drivers \ipinip.sys                               20.4 KB
C:\WINDOWS\system32\drivers \ipnat.sys                                149.2 KB
C:\WINDOWS\system32\drivers \ipsec.sys                                73.5 KB
C:\WINDOWS\system32\drivers \ipsecw2k.sys                             211.4 KB
C:\WINDOWS\system32\drivers \irbus.sys                                45.5 KB
C:\WINDOWS\system32\drivers \irenum.sys                               11 KB
C:\WINDOWS\system32\drivers \isapnp.sys                               36.4 KB
C:\WINDOWS\system32\drivers \kbdclass.sys                             24 KB
C:\WINDOWS\system32\drivers \kbdhid.sys                               14.2 KB
C:\WINDOWS\system32\drivers \kmixer.sys                               168.4 KB
C:\WINDOWS\system32\drivers \ks.sys                                   137.8 KB
C:\WINDOWS\system32\drivers \ksecdd.sys                               90.1 KB
C:\WINDOWS\system32\drivers \lirsgt.sys                               24.8 KB
C:\WINDOWS\system32\drivers \mcd.sys                                  7.5 KB
C:\WINDOWS\system32\drivers \mdmxsdk.sys                              12.4 KB
C:\WINDOWS\system32\drivers \mf.sys                                   62.2 KB
C:\WINDOWS\system32\drivers \mnmdd.sys                                4.1 KB
C:\WINDOWS\system32\drivers \modem.sys                                29.4 KB
C:\WINDOWS\system32\drivers \mouclass.sys                             22.5 KB
C:\WINDOWS\system32\drivers \mouhid.sys                               11.9 KB
C:\WINDOWS\system32\drivers \mountmgr.sys                             41.4 KB
C:\WINDOWS\system32\drivers \mqac.sys                                 90.4 KB
C:\WINDOWS\system32\drivers \mrxdav.sys                               176.4 KB
C:\WINDOWS\system32\drivers \mrxsmb.sys                               444.6 KB
C:\WINDOWS\system32\drivers \msfs.sys                                 18.6 KB
C:\WINDOWS\system32\drivers \MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 0 Bytes
C:\WINDOWS\system32\drivers \Msft_Kernel_HpqKbFiltr_01005.Wdf         0 Bytes
C:\WINDOWS\system32\drivers \msgpc.sys                                34.2 KB
C:\WINDOWS\system32\drivers \mskssrv.sys                              7.4 KB
C:\WINDOWS\system32\drivers \mspclock.sys                             5.2 KB
C:\WINDOWS\system32\drivers \mspqm.sys                                4.9 KB
C:\WINDOWS\system32\drivers \mssmbios.sys                             15.1 KB
C:\WINDOWS\system32\drivers \mtlmnt5.sys                              123.7 KB
C:\WINDOWS\system32\drivers \mtlstrm.sys                              1.2 MB
C:\WINDOWS\system32\drivers \mtxparhm.sys                             442.1 KB
C:\WINDOWS\system32\drivers \mup.sys                                  102.9 KB
C:\WINDOWS\system32\drivers \mutohpen.sys                             12.4 KB
C:\WINDOWS\system32\drivers \mvfs40.sys                               494.2 KB
C:\WINDOWS\system32\drivers \mvfs50.sys                               496.7 KB
C:\WINDOWS\system32\drivers \ndis.sys                                 178.4 KB
C:\WINDOWS\system32\drivers \ndistapi.sys                             9.9 KB
C:\WINDOWS\system32\drivers \ndisuio.sys                              14.2 KB
C:\WINDOWS\system32\drivers \ndiswan.sys                              89.4 KB
C:\WINDOWS\system32\drivers \ndproxy.sys                              39.6 KB
C:\WINDOWS\system32\drivers \netbios.sys                              33.9 KB
C:\WINDOWS\system32\drivers \netbt.sys                                159 KB
C:\WINDOWS\system32\drivers \NETw4x32.sys                             2.1 MB
C:\WINDOWS\system32\drivers \netwlan5.img                             66.3 KB
C:\WINDOWS\system32\drivers \nic1394.sys                              60.4 KB
C:\WINDOWS\system32\drivers \nikedrv.sys                              11.8 KB
C:\WINDOWS\system32\drivers \nmnt.sys                                 39.4 KB
C:\WINDOWS\system32\drivers \npfs.sys                                 30.1 KB
C:\WINDOWS\system32\drivers \ntfs.sys                                 561.5 KB
C:\WINDOWS\system32\drivers \ntmtlfax.sys                             176.1 KB
C:\WINDOWS\system32\drivers \null.sys                                 2.9 KB
C:\WINDOWS\system32\drivers \nv4_mini.sys                             1.8 MB
C:\WINDOWS\system32\drivers \nwlnkflt.sys                             12.1 KB
C:\WINDOWS\system32\drivers \nwlnkfwd.sys                             31.8 KB
C:\WINDOWS\system32\drivers \nwlnkipx.sys                             86.2 KB
C:\WINDOWS\system32\drivers \nwlnknb.sys                              61.8 KB
C:\WINDOWS\system32\drivers \nwlnkspx.sys                             54.6 KB
C:\WINDOWS\system32\drivers \nwrdr.sys                                159.8 KB
C:\WINDOWS\system32\drivers \ohci1394.sys                             60.2 KB
C:\WINDOWS\system32\drivers \oprghdlr.sys                             3.4 KB
C:\WINDOWS\system32\drivers \p3.sys                                   41.8 KB
C:\WINDOWS\system32\drivers \parport.sys                              78.2 KB
C:\WINDOWS\system32\drivers \partmgr.sys                              19.2 KB
C:\WINDOWS\system32\drivers \parvdm.sys                               6.6 KB
C:\WINDOWS\system32\drivers \pci.sys                                  66.6 KB
C:\WINDOWS\system32\drivers \pciide.sys                               3.2 KB
C:\WINDOWS\system32\drivers \pciidex.sys                              24.4 KB
C:\WINDOWS\system32\drivers \pcmcia.sys                               117.4 KB
C:\WINDOWS\system32\drivers \PGPdisk.sys                              240.1 KB
C:\WINDOWS\system32\drivers \PGPfsfd.sys                              125.6 KB
C:\WINDOWS\system32\drivers \PGPsdk.sys                               39.6 KB
C:\WINDOWS\system32\drivers \PGPwded.sys                              205.6 KB
C:\WINDOWS\system32\drivers \PnkBstrK.sys                             136.9 KB
C:\WINDOWS\system32\drivers \portcls.sys                              142.6 KB
C:\WINDOWS\system32\drivers \processr.sys                             35 KB
C:\WINDOWS\system32\drivers \psched.sys                               67.5 KB
C:\WINDOWS\system32\drivers \ptilink.sys                              17.4 KB
C:\WINDOWS\system32\drivers \pxhelp20.sys                             35.7 KB
C:\WINDOWS\system32\drivers \radiamsi.sys                             29.4 KB
C:\WINDOWS\system32\drivers \rasacd.sys                               8.6 KB
C:\WINDOWS\system32\drivers \rasl2tp.sys                              50.1 KB
C:\WINDOWS\system32\drivers \raspppoe.sys                             40.5 KB
C:\WINDOWS\system32\drivers \raspptp.sys                              47.2 KB
C:\WINDOWS\system32\drivers \raspti.sys                               16.1 KB
C:\WINDOWS\system32\drivers \rawwan.sys                               33.6 KB
C:\WINDOWS\system32\drivers \rdbss.sys                                171.6 KB
C:\WINDOWS\system32\drivers \rdpcdd.sys                               4.1 KB
C:\WINDOWS\system32\drivers \rdpdr.sys                                191.6 KB
C:\WINDOWS\system32\drivers \rdpwd.sys                                136.4 KB
C:\WINDOWS\system32\drivers \recagent.sys                             13.5 KB
C:\WINDOWS\system32\drivers \redbook.sys                              56.2 KB
C:\WINDOWS\system32\drivers \rfcomm.sys                               57.8 KB
C:\WINDOWS\system32\drivers \rimmptsk.sys                             39 KB
C:\WINDOWS\system32\drivers \rio8drv.sys                              11.8 KB
C:\WINDOWS\system32\drivers \riodrv.sys                               11.8 KB
C:\WINDOWS\system32\drivers \rismc32.sys                              46.5 KB
C:\WINDOWS\system32\drivers \rmcast.sys                               198.4 KB
C:\WINDOWS\system32\drivers \rndismp.sys                              29.9 KB
C:\WINDOWS\system32\drivers \rndismpx.sys                             29.9 KB
C:\WINDOWS\system32\drivers \rootmdm.sys                              5.8 KB
C:\WINDOWS\system32\drivers \s24trans.sys                             12.1 KB
C:\WINDOWS\system32\drivers \s3gnbm.sys                               163 KB
C:\WINDOWS\system32\drivers \scsiport.sys                             94.1 KB
C:\WINDOWS\system32\drivers \sdbus.sys                                77.4 KB
C:\WINDOWS\system32\drivers \secdrv.sys                               20 KB
C:\WINDOWS\system32\drivers \serenum.sys                              15.4 KB
C:\WINDOWS\system32\drivers \serial.sys                               63 KB
C:\WINDOWS\system32\drivers \sffdisk.sys                              11.6 KB
C:\WINDOWS\system32\drivers \sffp_mmc.sys                             10 KB
C:\WINDOWS\system32\drivers \sffp_sd.sys                              10.8 KB
C:\WINDOWS\system32\drivers \sfloppy.sys                              11.1 KB
C:\WINDOWS\system32\drivers \siint5.dll                               3.8 KB
C:\WINDOWS\system32\drivers \sisagp.sys                               40 KB
C:\WINDOWS\system32\drivers \slnt7554.sys                             126.5 KB
C:\WINDOWS\system32\drivers \slntamr.sys                              395.5 KB
C:\WINDOWS\system32\drivers \slnthal.sys                              93.2 KB
C:\WINDOWS\system32\drivers \slwdmsup.sys                             12.9 KB
C:\WINDOWS\system32\drivers \smbali.sys                               5.8 KB
C:\WINDOWS\system32\drivers \smclib.sys                               14.2 KB
C:\WINDOWS\system32\drivers \sonydcam.sys                             24.8 KB
C:\WINDOWS\system32\drivers \splitter.sys                             6.1 KB
C:\WINDOWS\system32\drivers \sr.sys                                   71.8 KB
C:\WINDOWS\system32\drivers \srv.sys                                  326 KB
C:\WINDOWS\system32\drivers \stream.sys                               48.2 KB
C:\WINDOWS\system32\drivers \swenum.sys                               4.2 KB
C:\WINDOWS\system32\drivers \swmidi.sys                               55.2 KB
C:\WINDOWS\system32\drivers \SYMEVENT.CAT                             7.8 KB
C:\WINDOWS\system32\drivers \SYMEVENT.INF                             805 Bytes
C:\WINDOWS\system32\drivers \SYMEVENT.SYS                             108.4 KB
C:\WINDOWS\system32\drivers \SynTP.sys                                208.7 KB
C:\WINDOWS\system32\drivers \sysaudio.sys                             59.4 KB
C:\WINDOWS\system32\drivers \tape.sys                                 14.6 KB
C:\WINDOWS\system32\drivers \tcpip.sys                                353.1 KB
C:\WINDOWS\system32\drivers \tcpip6.sys                               220.6 KB
C:\WINDOWS\system32\drivers \tdi.sys                                  18.6 KB
C:\WINDOWS\system32\drivers \tdpipe.sys                               11.8 KB
C:\WINDOWS\system32\drivers \tdtcp.sys                                21.4 KB
C:\WINDOWS\system32\drivers \Teefer.sys                               60.1 KB
C:\WINDOWS\system32\drivers \termdd.sys                               39.9 KB
C:\WINDOWS\system32\drivers \tosdvd.sys                               50.5 KB
C:\WINDOWS\system32\drivers \tsbvcap.sys                              20.9 KB
C:\WINDOWS\system32\drivers \tunmp.sys                                12 KB
C:\WINDOWS\system32\drivers \uagp35.sys                               43.6 KB
C:\WINDOWS\system32\drivers \udfs.sys                                 64.5 KB
C:\WINDOWS\system32\drivers \update.sys                               375.8 KB
C:\WINDOWS\system32\drivers \usb8023.sys                              12.5 KB
C:\WINDOWS\system32\drivers \usb8023x.sys                             12.5 KB
C:\WINDOWS\system32\drivers \USBAUDIO.sys                             58.6 KB
C:\WINDOWS\system32\drivers \usbcamd.sys                              25 KB
C:\WINDOWS\system32\drivers \usbcamd2.sys                             25.1 KB
C:\WINDOWS\system32\drivers \usbccgp.sys                              31.4 KB
C:\WINDOWS\system32\drivers \usbd.sys                                 4.6 KB
C:\WINDOWS\system32\drivers \usbehci.sys                              29.5 KB
C:\WINDOWS\system32\drivers \usbhub.sys                               58.1 KB
C:\WINDOWS\system32\drivers \usbintel.sys                             15.5 KB
C:\WINDOWS\system32\drivers \usbport.sys                              140.5 KB
C:\WINDOWS\system32\drivers \usbprint.sys                             25.2 KB
C:\WINDOWS\system32\drivers \usbscan.sys                              14.8 KB
C:\WINDOWS\system32\drivers \usbstor.sys                              25.8 KB
C:\WINDOWS\system32\drivers \usbuhci.sys                              20.1 KB
C:\WINDOWS\system32\drivers \usbvideo.sys                             119.1 KB
C:\WINDOWS\system32\drivers \v1e5132.sys                              99 KB
C:\WINDOWS\system32\drivers \vchnt5.dll                               11.1 KB
C:\WINDOWS\system32\drivers \vdmindvd.sys                             56.8 KB
C:\WINDOWS\system32\drivers \vga.sys                                  20.5 KB
C:\WINDOWS\system32\drivers \viaagp.sys                               41.2 KB
C:\WINDOWS\system32\drivers \videoprt.sys                             79.8 KB
C:\WINDOWS\system32\drivers \volsnap.sys                              51.1 KB
C:\WINDOWS\system32\drivers \VPCAppSv.sys                             10.1 KB
C:\WINDOWS\system32\drivers \VPCPower.sys                             28.1 KB
C:\WINDOWS\system32\drivers \wacompen.sys                             13.9 KB
C:\WINDOWS\system32\drivers \wadv07nt.sys                             11.5 KB
C:\WINDOWS\system32\drivers \wadv08nt.sys                             11 KB
C:\WINDOWS\system32\drivers \wadv09nt.sys                             11.6 KB
C:\WINDOWS\system32\drivers \wadv11nt.sys                             11.7 KB
C:\WINDOWS\system32\drivers \wanarp.sys                               33.8 KB
C:\WINDOWS\system32\drivers \watv06nt.sys                             21.7 KB
C:\WINDOWS\system32\drivers \watv10nt.sys                             24.9 KB
C:\WINDOWS\system32\drivers \wdf01000.sys                             480.5 KB
C:\WINDOWS\system32\drivers \wdfldr.sys                               31.5 KB
C:\WINDOWS\system32\drivers \wdmaud.sys                               81.1 KB
C:\WINDOWS\system32\drivers \wg3n.sys                                 14.5 KB
C:\WINDOWS\system32\drivers \wg4n.sys                                 14.5 KB
C:\WINDOWS\system32\drivers \wg5n.sys                                 14.5 KB
C:\WINDOWS\system32\drivers \wg6n.sys                                 14.5 KB
C:\WINDOWS\system32\drivers \wmiacpi.sys                              8.6 KB
C:\WINDOWS\system32\drivers \wmilib.sys                               4.2 KB
C:\WINDOWS\system32\drivers \wpdusb.sys                               37.6 KB
C:\WINDOWS\system32\drivers \wpsdrvnt.sys                             20.6 KB
C:\WINDOWS\system32\drivers \ws2ifsl.sys                              11.8 KB
C:\WINDOWS\system32\drivers \WudfPf.sys                               75.8 KB
C:\WINDOWS\system32\drivers \WudfRd.sys                               81 KB


C:\WINDOWS\system32\drivers\disdn
=================================

Keine Dateien vorhanden


C:\WINDOWS\system32\drivers\etc
===============================

C:\WINDOWS\system32\drivers\etc\hosts                                 27 Bytes
C:\WINDOWS\system32\drivers\etc\lmhosts.sam                           3.6 KB
C:\WINDOWS\system32\drivers\etc\networks                              407 Bytes
C:\WINDOWS\system32\drivers\etc\protocol                              799 Bytes
C:\WINDOWS\system32\drivers\etc\services                              10.8 KB


C:\WINDOWS\system32\drivers\UMDF
================================

C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf            0 Bytes
C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll                         655.5 KB


C:\WINDOWS\system32\EV19
========================

Keine Dateien vorhanden


C:\WINDOWS\system32\inetsrv 
============================

C:\WINDOWS\system32\inetsrv \admexs.dll                               29 KB
C:\WINDOWS\system32\inetsrv \ADROT.dll                                48.5 KB
C:\WINDOWS\system32\inetsrv \appconf.dll                              106 KB
C:\WINDOWS\system32\inetsrv \aqadmin.dll                              44 KB
C:\WINDOWS\system32\inetsrv \aqueue.dll                               323.5 KB
C:\WINDOWS\system32\inetsrv \asp.dll                                  361 KB
C:\WINDOWS\system32\inetsrv \asptxn.dll                               28.5 KB
C:\WINDOWS\system32\inetsrv \authfilt.dll                             9 KB
C:\WINDOWS\system32\inetsrv \browscap.dll                             44.5 KB
C:\WINDOWS\system32\inetsrv \browscap.ini                             30.9 KB
C:\WINDOWS\system32\inetsrv \CertMap.ocx                              92.5 KB
C:\WINDOWS\system32\inetsrv \certwiz.ocx                              269.5 KB
C:\WINDOWS\system32\inetsrv \cnfgprts.ocx                             74.5 KB
C:\WINDOWS\system32\inetsrv \coadmin.dll                              45.5 KB
C:\WINDOWS\system32\inetsrv \compfilt.dll                             23.5 KB
C:\WINDOWS\system32\inetsrv \ContRot.dll                              33 KB
C:\WINDOWS\system32\inetsrv \counters.dll                             20 KB
C:\WINDOWS\system32\inetsrv \davcdata.exe                             41.5 KB
C:\WINDOWS\system32\inetsrv \gzip.dll                                 31.5 KB
C:\WINDOWS\system32\inetsrv \httpext.dll                              262 KB
C:\WINDOWS\system32\inetsrv \httpmib.dll                              8 KB
C:\WINDOWS\system32\inetsrv \httpodbc.dll                             60 KB
C:\WINDOWS\system32\inetsrv \iis.msc                                  46.8 KB
C:\WINDOWS\system32\inetsrv \iisadmin.dll                             24.5 KB
C:\WINDOWS\system32\inetsrv \iischema.dll                             142 KB
C:\WINDOWS\system32\inetsrv \iisclex4.dll                             59.5 KB
C:\WINDOWS\system32\inetsrv \iiscrmap.dll                             19 KB
C:\WINDOWS\system32\inetsrv \iisfecnv.dll                             7 KB
C:\WINDOWS\system32\inetsrv \iislog.dll                               78 KB
C:\WINDOWS\system32\inetsrv \iisperf.pmc                              1.3 KB
C:\WINDOWS\system32\inetsrv \iisrstas.exe                             30 KB
C:\WINDOWS\system32\inetsrv \iissync.exe                              6.5 KB
C:\WINDOWS\system32\inetsrv \iisui.dll                                166 KB
C:\WINDOWS\system32\inetsrv \inetinfo.exe                             15 KB
C:\WINDOWS\system32\inetsrv \inetmgr.dll                              810 KB
C:\WINDOWS\system32\inetsrv \inetmgr.exe                              7.5 KB
C:\WINDOWS\system32\inetsrv \infocomm.dll                             251 KB
C:\WINDOWS\system32\inetsrv \isapips.dll                              7 KB
C:\WINDOWS\system32\inetsrv \isatq.dll                                67 KB
C:\WINDOWS\system32\inetsrv \iscomlog.dll                             26 KB
C:\WINDOWS\system32\inetsrv \iwrps.dll                                9 KB
C:\WINDOWS\system32\inetsrv \logscrpt.dll                             21.5 KB
C:\WINDOWS\system32\inetsrv \logtemp.sql                              326 Bytes
C:\WINDOWS\system32\inetsrv \logui.ocx                                75 KB
C:\WINDOWS\system32\inetsrv \lonsint.dll                              13 KB
C:\WINDOWS\system32\inetsrv \mailmsg.dll                              64 KB
C:\WINDOWS\system32\inetsrv \md5filt.dll                              37 KB
C:\WINDOWS\system32\inetsrv \mdsync.dll                               26 KB
C:\WINDOWS\system32\inetsrv \MetaBase.bin                             301.6 KB
C:\WINDOWS\system32\inetsrv \metadata.dll                             83.5 KB
C:\WINDOWS\system32\inetsrv \NEXTLINK.dll                             52 KB
C:\WINDOWS\system32\inetsrv \nsepm.dll                                43.5 KB
C:\WINDOWS\system32\inetsrv \ntfsdrv.dll                              38 KB
C:\WINDOWS\system32\inetsrv \PageCnt.dll                              31 KB
C:\WINDOWS\system32\inetsrv \PermChk.dll                              20.5 KB
C:\WINDOWS\system32\inetsrv \pwsdata.dll                              7.5 KB
C:\WINDOWS\system32\inetsrv \rpcref.dll                               4 KB
C:\WINDOWS\system32\inetsrv \scripto.dll                              56.5 KB
C:\WINDOWS\system32\inetsrv \seo.dll                                  216.5 KB
C:\WINDOWS\system32\inetsrv \seos.dll                                 25.5 KB
C:\WINDOWS\system32\inetsrv \smtpadm.dll                              185 KB
C:\WINDOWS\system32\inetsrv \smtpsnap.dll                             2 MB
C:\WINDOWS\system32\inetsrv \smtpsvc.dll                              445.5 KB
C:\WINDOWS\system32\inetsrv \ssinc.dll                                44 KB
C:\WINDOWS\system32\inetsrv \sspifilt.dll                             45.5 KB
C:\WINDOWS\system32\inetsrv \status.dll                               16.5 KB
C:\WINDOWS\system32\inetsrv \svcext.dll                               45.5 KB
C:\WINDOWS\system32\inetsrv \tools.dll                                33 KB
C:\WINDOWS\system32\inetsrv \uihelper.dll                             101 KB
C:\WINDOWS\system32\inetsrv \w3ext.dll                                72 KB
C:\WINDOWS\system32\inetsrv \w3svc.dll                                355.5 KB
C:\WINDOWS\system32\inetsrv \wam.dll                                  75 KB
C:\WINDOWS\system32\inetsrv \wamps.dll                                9 KB
C:\WINDOWS\system32\inetsrv \wamreg.dll                               52 KB


C:\WINDOWS\system32\inetsrv\ASP Compiled Templates
==================================================

Keine Dateien vorhanden


C:\WINDOWS\system32\inetsrv\iisadmin
====================================

Keine Dateien vorhanden


C:\WINDOWS\system32\inetsrv\iisadmin\htmldocs
=============================================

C:\WINDOWS\system32\inetsrv\iisadmin\htmldocs\iisdocs.htm             157 Bytes


C:\WINDOWS\system32\inetsrv\iisadmin\tour
=========================================

C:\WINDOWS\system32\inetsrv\iisadmin\tour\sampledb.mdb                74 KB


C:\WINDOWS\system32\inetsrv\iisadmpwd
=====================================

C:\WINDOWS\system32\inetsrv\iisadmpwd\achg.asp                        3.7 KB
C:\WINDOWS\system32\inetsrv\iisadmpwd\aexp.asp                        2.4 KB
C:\WINDOWS\system32\inetsrv\iisadmpwd\aexp2.asp                       2.1 KB
C:\WINDOWS\system32\inetsrv\iisadmpwd\aexp2b.asp                      2.4 KB
C:\WINDOWS\system32\inetsrv\iisadmpwd\aexp3.asp                       1.9 KB
C:\WINDOWS\system32\inetsrv\iisadmpwd\aexp4.asp                       2.1 KB
C:\WINDOWS\system32\inetsrv\iisadmpwd\aexp4b.asp                      2.4 KB
C:\WINDOWS\system32\inetsrv\iisadmpwd\anot.asp                        2 KB
C:\WINDOWS\system32\inetsrv\iisadmpwd\anot3.asp                       1.5 KB


C:\WINDOWS\system32\inetsrv\MetaBack
====================================

C:\WINDOWS\system32\inetsrv\MetaBack\iischema-update.MD0              282.6 KB


C:\WINDOWS\system32\Logfiles 
=============================

Keine Dateien vorhanden


C:\WINDOWS\system32\Logfiles\HTTPERR
====================================

C:\WINDOWS\system32\Logfiles\HTTPERR\httperr1.log                     660 Bytes


C:\WINDOWS\system32\Logfiles\PunkBuster
=======================================

C:\WINDOWS\system32\Logfiles\PunkBuster\pbsvc.log                     2.3 KB
C:\WINDOWS\system32\Logfiles\PunkBuster\PnkBstrA.log                  32.7 KB
C:\WINDOWS\system32\Logfiles\PunkBuster\PnkBstrB.log                  19.4 KB


C:\WINDOWS\system32\Logfiles\W3SVC1
===================================

C:\WINDOWS\system32\Logfiles\W3SVC1\ex080414.log                      499 Bytes
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080415.log                      5.3 KB
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080428.log                      632 Bytes
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080509.log                      867 Bytes
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080604.log                      27.7 KB
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080826.log                      362 Bytes
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080910.log                      12.5 KB
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080911.log                      64 KB
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080922.log                      1.6 KB
C:\WINDOWS\system32\Logfiles\W3SVC1\ex081015.log                      256 Bytes
C:\WINDOWS\system32\Logfiles\W3SVC1\ex081026.log                      756 Bytes
C:\WINDOWS\system32\Logfiles\W3SVC1\ex081105.log                      64 KB
C:\WINDOWS\system32\Logfiles\W3SVC1\ex081109.log                      61.5 KB


C:\WINDOWS\system32\Logfiles\WUDF
=================================

Keine Dateien vorhanden


C:\WINDOWS\system32\pci 
========================

Keine Dateien vorhanden


C:\WINDOWS\system32\Restore 
============================

C:\WINDOWS\system32\Restore \filelist.xml                             19.1 KB
C:\WINDOWS\system32\Restore \MachineGuid.txt                          78 Bytes
C:\WINDOWS\system32\Restore \rstrui.exe                               371.5 KB
C:\WINDOWS\system32\Restore \srdiag.exe                               46 KB
C:\WINDOWS\system32\Restore \srframe.mmf                              984 Bytes


Total: 466 Dateien, 22 Ordner

-------------------------
Diese Dateiliste wurde erstellt mit dem FileList Creator, Version 1.40
Für mehr Infos: http://filelistcreator.raysworld.ch

Die ersten 10 Treffer von google auf die Anfrage "Buy stuff" wurden alle korrekt weitergeleitet das sieht schon mal viel versprechend aus
Was erzählen die Daten ?

Gruss
Sven

[Speedy]

hi

die nachfolgenden datei(en) hier bei virustotal
überprüfen lassen (nicht löschen!!), wenn das ergebnis
vorliegt, den kleinen button "filter" drücken, dann
das ergebnis (egal wie es aussieht) kopieren
und hier posten. alternativ kannst du die datei bei
virscan.org oder jotti überprüfen lassen.
a) niemals das Logfile von HijackThis, oder HJTScanlist überprüfen lassen!
b) immer alles kopieren und hier einfügen, keine zeile weglassen!
(wie soll das logfile aussehen)

C:\WINDOWS\iwlanver.dll
C:\WINDOWS\iwlandrvxpver.dll
C:\WINDOWS\uninsqvp.exe

1. Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument:
   
   Code:

   File::
   C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf 
   C:\WINDOWS\Prefetch\WINZIP32.EXE-335422C1.pf 
   C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf 
   C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-34A0FC79.pf 
   C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf 
   C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf 
   C:\WINDOWS\Prefetch\NIRCMD.COM-323C21EC.pf 
   C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf 
   C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 
   C:\WINDOWS\Prefetch\PV.CFEXE-0E6F2701.pf 
   C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf 
   C:\WINDOWS\Prefetch\NDUPLOAD.EXE-1FF26AAF.pf 
   C:\WINDOWS\Prefetch\NIRCMD.CFEXE-19FF4781.pf 
   C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf 
   C:\WINDOWS\Prefetch\CF9321.EXE-29799B9D.pf 
   C:\WINDOWS\Prefetch\SWREG.CFEXE-2BF4FFCD.pf 
   C:\WINDOWS\Prefetch\SED.CFEXE-268D7E58.pf 
   C:\WINDOWS\Prefetch\FINDSTR.CFEXE-38519B93.pf 
   C:\WINDOWS\Prefetch\GREP.CFEXE-20443039.pf 
   C:\WINDOWS\Prefetch\PGPFSD.EXE-078D4B3F.pf 
   C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf 
   C:\WINDOWS\Prefetch\NDTRACK.EXE-2AC23926.pf 
   C:\WINDOWS\Prefetch\CCC.EXE-2F1AF7F1.pf 
   C:\WINDOWS\Prefetch\NDSENS.EXE-1BE7EE9A.pf 
   C:\WINDOWS\Prefetch\MGSUSAGEAG.EXE-005CB8F3.pf 
   C:\WINDOWS\Prefetch\MOBSYNC.EXE-173EDCEF.pf 
   C:\WINDOWS\Prefetch\DOT1XCFG.EXE-087CDE23.pf 
   C:\WINDOWS\Prefetch\PGPTRAY.EXE-1B2A2F0C.pf 
   C:\WINDOWS\Prefetch\ERCLIENT7.EXE-2959D488.pf 
   C:\WINDOWS\Prefetch\MOM.EXE-33A6BD58.pf 
   C:\WINDOWS\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf 
   C:\WINDOWS\Prefetch\MLPOD36.EXE-34144FD7.pf 
   C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 
   C:\WINDOWS\Prefetch\SMAX4PNP.EXE-381239AF.pf 
   C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf 
   C:\WINDOWS\Prefetch\HPQTOASTER.EXE-33D4AB00.pf 
   C:\WINDOWS\Prefetch\CLISTART.EXE-315E0C43.pf 
   C:\WINDOWS\Prefetch\ADCIST.EXE-2F8AFA74.pf 
   C:\WINDOWS\Prefetch\QLBPRES.EXE-34B537FB.pf 
   C:\WINDOWS\Prefetch\ZCFGSVC.EXE-1A56EA85.pf 
   C:\WINDOWS\Prefetch\IFRMEWRK.EXE-0618C85D.pf 
   C:\WINDOWS\Prefetch\NDTASK.EXE-20A315FC.pf 
   C:\WINDOWS\Prefetch\CCDOCTOR.EXE-2CB6E508.pf 
   C:\WINDOWS\Prefetch\SMC.EXE-2E09B9F3.pf 
   C:\WINDOWS\Prefetch\HPWAMAIN.EXE-1BDCDD0D.pf 
   C:\WINDOWS\Prefetch\AEXAGENTACTIVATE.EXE-0E49AC9B.pf 
   C:\WINDOWS\Prefetch\S_USER.EXE-2942424B.pf 
   C:\WINDOWS\Prefetch\CCAPP.EXE-1207B2A5.pf 
   C:\WINDOWS\Prefetch\RUNIT.EXE-1A494A63.pf 
   C:\WINDOWS\Prefetch\ADCIUS.EXE-1F25FF84.pf 
   C:\WINDOWS\Prefetch\NDSCHEDAG.EXE-176CE058.pf 
   C:\WINDOWS\Prefetch\QLBCTRL.EXE-0325C50A.pf 
   C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf 
   C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf 
   C:\WINDOWS\Prefetch\SYNTPENH.EXE-315D3ABC.pf 
   C:\WINDOWS\Prefetch\ATCHK.EXE-2DA7F26A.pf 
   C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf 
   C:\WINDOWS\Prefetch\SYNTPSTART.EXE-25038CFE.pf 
   C:\WINDOWS\Prefetch\ATTRIB.CFEXE-07A4D3CF.pf 
   C:\WINDOWS\Prefetch\NPLOGON.EXE-088B742D.pf 
   C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf 
   C:\WINDOWS\Prefetch\IPASSPERIODICUPDATEAPP.EXE-0F28E41D.pf 
   C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf 
   C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf 
   C:\WINDOWS\Prefetch\HPQWMIEX.EXE-1982D280.pf 
   C:\WINDOWS\Prefetch\UNS.EXE-24FF2AAB.pf 
   C:\WINDOWS\Prefetch\SQLWRITER.EXE-0050A6DE.pf 
   C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf 
   C:\WINDOWS\Prefetch\COMBOFIX-DOWNLOAD.EXE-019F7CBB.pf 
   C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf 
   C:\WINDOWS\Prefetch\WRP.CFEXE-216127FC.pf 
   C:\WINDOWS\Prefetch\HIDEC.EXE-3B166DB3.pf 
   C:\WINDOWS\Prefetch\CMD.EXECF-27E83661.pf 
   C:\WINDOWS\Prefetch\GREP.CFEXE-273BC5E1.pf 
   C:\WINDOWS\Prefetch\SED.CFEXE-238FCCA6.pf 
   C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf 
   C:\WINDOWS\Prefetch\NIRCMD.CFEXE-0E3F4BC2.pf 
   C:\WINDOWS\Prefetch\PV.CFEXE-23E4A9A0.pf 
   C:\WINDOWS\Prefetch\COMBOFIX.EXE-113D1A23.pf 
   C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf 
   C:\WINDOWS\Prefetch\NIRCMD.COM-10563DC3.pf 
   C:\WINDOWS\Prefetch\GSAR.CFEXE-0E6FCB31.pf 
   C:\WINDOWS\Prefetch\RUNDLL32.EXE-24FE0C44.pf 
   C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf 
   C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf 
   C:\WINDOWS\Prefetch\CF9108.EXE-11728D3A.pf 
   C:\WINDOWS\Prefetch\SWREG.EXE-0937BD77.pf 
   C:\WINDOWS\Prefetch\Layout.ini 
   C:\WINDOWS\Prefetch\WORDPAD.EXE-24533991.pf 
   C:\WINDOWS\Prefetch\WSCRIPT.EXE-32960AB9.pf 
   C:\WINDOWS\Prefetch\PBUPDATE.EXE-122A4B96.pf 
   C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf 
   C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf 
   C:\WINDOWS\Prefetch\DWHWIZRD.EXE-2CC782A2.pf 
   C:\WINDOWS\Prefetch\RADREXXW.EXE-2994791E.pf 
   C:\WINDOWS\Prefetch\RADSTATE.EXE-36A9DD91.pf 
   C:\WINDOWS\Prefetch\RADPNLWR.EXE-1754A35B.pf 
   C:\WINDOWS\Prefetch\NVDKIT.EXE-22E073A8.pf 
   C:\WINDOWS\Prefetch\HIDE.EXE-1E5316AF.pf 
   C:\WINDOWS\Prefetch\RADPINIT.EXE-0900868D.pf 
   C:\WINDOWS\Prefetch\RADCONCT.EXE-28D5DA4E.pf 
   C:\WINDOWS\Prefetch\RADTRAY.EXE-0940593F.pf 
   C:\WINDOWS\Prefetch\RADSKMAN.EXE-2FA225BE.pf 
   C:\WINDOWS\Prefetch\OUTLOOK.EXE-39385AAC.pf 
   C:\WINDOWS\Prefetch\PGPWDE.EXE-366E7F66.pf 
   C:\WINDOWS\Prefetch\INVSEND.EXE-3A301943.pf 
   C:\WINDOWS\Prefetch\ADCIUPD.EXE-0E4A1C9B.pf 
   C:\WINDOWS\Prefetch\DSNETWORKCONNECT.EXE-246E563E.pf 
   C:\WINDOWS\Prefetch\DSHOSTCHECKER.EXE-24C10BD7.pf 
   C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf 
   C:\WINDOWS\Prefetch\SECURID.EXE-116BEA7C.pf 
   C:\WINDOWS\Prefetch\NDSERV.EXE-04617BC7.pf 
   C:\WINDOWS\Prefetch\NDLAUNCH.EXE-12AEB51C.pf 
   C:\WINDOWS\Prefetch\PCOWNER.EXE-2EA3AD07.pf 
   C:\WINDOWS\Prefetch\SMAX4.EXE-3ABA87F8.pf 
   C:\WINDOWS\Prefetch\AUMSTATUS.EXE-1BAEF888.pf 
   C:\WINDOWS\Prefetch\VPTRAY.EXE-2D128BA2.pf 
   C:\WINDOWS\Prefetch\MPNOTIFY.EXE-3631A846.pf 
   C:\WINDOWS\Prefetch\LUALL.EXE-2BCC229F.pf 
   C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf 
   C:\WINDOWS\Prefetch\MGSPOLICY.EXE-26DA3CE1.pf 
   C:\WINDOWS\Prefetch\PNKBSTRB.EXE-21412697.pf 
   C:\WINDOWS\Prefetch\~E5.0001-0B3641BA.pf 
   C:\WINDOWS\Prefetch\BF2.EXE-0133EEE4.pf 
   C:\WINDOWS\Prefetch\VPTRAY.EXE-21252F09.pf 
   C:\WINDOWS\Prefetch\ICON6560581611.EXE-229A9A02.pf 
   C:\WINDOWS\Prefetch\RADSCHED.EXE-04F86B82.pf 
   C:\WINDOWS\Prefetch\RADEXECD.EXE-1F9CE34A.pf 
   C:\WINDOWS\Prefetch\RADSTGMS.EXE-14172802.pf 
   C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf 
   C:\WINDOWS\Temp\14.tmp 
   C:\WINDOWS\Temp\Perflib_Perfdata_930.dat 
   C:\WINDOWS\Temp\atchksrv.log 
   C:\DOCUME~1\sbuggerm\LOCALS~1\Temp\~DF7619.tmp
   C:\DOCUME~1\sbuggerm\LOCALS~1\Temp\~DF2F5D.tmp
   C:\DOCUME~1\sbuggerm\LOCALS~1\Temp\~DF2F50.tmp
   Folder::
   C:\WINDOWS\system32\am2
   C:\WINDOWS\system32\CAE
   C:\WINDOWS\system32\drivers\disdn
   C:\WINDOWS\system32\EV19
   C:\WINDOWS\system32\pci

2. Speichere dies als CFScript.txt auf Deinem Desktop
   
   
   
3. In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
4. Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
   NB: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Hinweis für Mitleser: Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen![/QUOTE]

öffne notepad und kopiere den folgenden text aus der codebox, füge ihn in ein leeres textfeld ein, speichere den text unter "alle datei-typen" als "fix.reg"
am desktop ab. wechsle in den abgesicherten modus von windows und
navigiere zu dieser datei, mach einen doppelklick auf diese datei und stimme
der frage zum zufügen der datei zur registry zu.

Code:

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000

fixe mit HijackThis die nachfolgenden einträge, sofern sie noch vorhanden sind
(du musst das tool unter vista als administrator ausführen !!! )

016 - Alle einträge fixen


trenn dich von allen tools, die du nicht benötigst

bereinige mit dem ccleaner das system ( auch die registry, nicht nur die temp. ordner leeren)

welche probleme hast du noch ??

[Sven_]

So alles erledigt Der Computer fährt nun wieder alleine hoch, allerdings braucht er ewig auch wenn man den explorer öffnet muss man 3-4 minuten warten bis er Dateien anzeigt, wärend der explorer "irgendwas macht" hängt auch der Rest vom System obwohl der Taskmanager keinerlei Aktivität anzeigt (System Idle 99%)

Der Virenscan der ersten 2 Dateien war unauffällig, die 3 hatte Rückmeldung
Hier die Auswertung:

Code:

Ergebniss 

C:\WINDOWS\uninsqvp.exe 

File uninsqvp.exe received on 11.29.2008 09:58:01 (CET)Antivirus Version Last Update Result 
AhnLab-V3 2008.11.28.2 2008.11.28 - 
AntiVir 7.9.0.36 2008.11.28 - 
Authentium 5.1.0.4 2008.11.28 - 
Avast 4.8.1281.0 2008.11.28 - 
AVG 8.0.0.199 2008.11.29 - 
BitDefender 7.2 2008.11.29 - 
CAT-QuickHeal 10.00 2008.11.29 - 
ClamAV 0.94.1 2008.11.29 - 
DrWeb 4.44.0.09170 2008.11.29 - 
eSafe 7.0.17.0 2008.11.27 - 
eTrust-Vet 31.6.6234 2008.11.28 - 
Ewido 4.0 2008.11.28 - 
F-Prot 4.4.4.56 2008.11.28 - 
F-Secure 8.0.14332.0 2008.11.29 - 
Fortinet 3.117.0.0 2008.11.29 - 
GData 19 2008.11.29 - 
Ikarus T3.1.1.45.0 2008.11.29 - 
K7AntiVirus 7.10.537 2008.11.28 - 
Kaspersky 7.0.0.125 2008.11.29 - 
McAfee 5448 2008.11.28 - 
McAfee+Artemis 5448 2008.11.28 - 
Microsoft 1.4104 2008.11.29 - 
NOD32 3650 2008.11.28 - 
Norman 5.80.02 2008.11.28 - 
Panda 9.0.0.4 2008.11.29 - 
PCTools 4.4.2.0 2008.11.28 - 
Prevx1 V2 2008.11.29 - 
Rising 21.05.51.00 2008.11.29 - 
SecureWeb-Gateway 6.7.6 2008.11.28 - 
Sophos 4.36.0 2008.11.29 - 
Sunbelt 3.1.1832.2 2008.11.27 Porn-Dialer.Win32.CapreDeam.AH (vf) 
Symantec 10 2008.11.29 - 
TheHacker 6.3.1.1.166 2008.11.28 - 
TrendMicro 8.700.0.1004 2008.11.28 - 
VBA32 3.12.8.9 2008.11.28 - 
ViRobot 2008.11.28.1491 2008.11.28 - 
VirusBuster 4.5.11.0 2008.11.28 - 
 
Additional information 
File size: 69632 bytes 
MD5...: 8727f81017fea83fa87cceb77d4fb45a 
SHA1..: 7aa55088e0dc8d4ec32a00e68adf752ea2564de2 
SHA256: 42b59662b41cda9e26d9e30aa9dc37c5293f6120b384911b9acc32243b401d93 
SHA512: ffd70d80cefe54db9098964d244b1b11d2dc5387aee28ccf8929173fc9bd4b45<BR>f261f3e5f8cea6cbe64b2a2edc3215f5a3133c09a890f81bb518dadb9305ac26<BR> 
ssdeep: 768:DlyW6CJEt7fdr/fAQG18DUOdkmerO+kKLhGw4GoiS0+0SJMcoejiba5p4:/6<BR>Gefdj4ZiyLAw4GosSJ9oe8yp4<BR> 
PEiD..: Armadillo v1.71 
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (53.1%)<BR>Windows Screen Saver (18.4%)<BR>Win32 Executable Generic (12.0%)<BR>Win32 Dynamic Link Library (generic) (10.6%)<BR>Generic Win/DOS Executable (2.8%) 
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x40630d<BR>timedatestamp.....: 0x3fbd52cb (Thu Nov 20 23:48:27 2003)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xa4a6 0xb000 6.33 4f91e5150dd918c8104323357aa76c01<BR>.rdata 0xc000 0x10ca 0x2000 3.40 2a603d9509617833a9ce48f3404fe1e3<BR>.data 0xe000 0xe2ac 0x2000 3.19 90e089ecf7f848d1c1cfb18c8e494ac4<BR>.rsrc 0x1d000 0x990 0x1000 2.67 77d66460f0a8b74eddf25eb568a36df4<BR><BR>( 5 imports ) <BR>&gt; KERNEL32.dll: FreeLibrary, LoadLibraryA, FindFirstFileA, GetShortPathNameA, Sleep, GetTempFileNameA, GetTempPathA, MoveFileExA, GetVersion, MultiByteToWideChar, FindNextFileA, GetProcAddress, GetTickCount, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, GetModuleFileNameA, GlobalReAlloc, CloseHandle, CreateFileA, GetCurrentProcess, GetFileAttributesA, FindClose, GetUserDefaultLCID, DeleteFileA, GetWindowsDirectoryA, SetLastError, HeapAlloc, HeapFree, lstrcpyA, CopyFileA, GetLastError, lstrlenA, RemoveDirectoryA, HeapDestroy, GetFileType, HeapCreate, SetFilePointer, VirtualFree, SetHandleCount, lstrcatA, GetStdHandle, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, TerminateProcess, WriteFile, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, WideCharToMultiByte, GetOEMCP, SetEndOfFile, ReadFile, SetStdHandle, HeapReAlloc, VirtualAlloc, GetACP, RtlUnwind, CreateDirectoryA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, ExitProcess, GetCPInfo<BR>&gt; USER32.dll: CharNextA, LoadStringA, MessageBoxA, wsprintfA, SetDlgItemTextA, PostMessageA, IsWindow, FindWindowA, DialogBoxParamA, UpdateWindow, ShowWindow, EnableWindow, GetDlgItem, ExitWindowsEx, SetWindowPos, EndDialog, CharLowerA, CharToOemA, GetSystemMetrics, GetWindowRect<BR>&gt; ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegDeleteKeyA, RegEnumKeyExA, RegEnumValueA, RegDeleteValueA, InitiateSystemShutdownA, AdjustTokenPrivileges, RegOpenKeyA, OpenProcessToken, LookupPrivilegeValueA<BR>&gt; ole32.dll: CoInitialize, CoUninitialize, CoCreateInstance<BR>&gt; VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<BR><BR>( 9 exports ) <BR>DeleteFileOnReboot, MoveFileOnReboot, QVPAddIcons, QVPGetRegInfo, QVPLogError, QVPRegQVP32AppPath, QVPRegString, QVPShutdown, RemovePendingFileOps<BR>

Die anderen 2:

Code:

Ergebniss 

C:\WINDOWS\uninsqvp.exe 

File uninsqvp.exe received on 11.29.2008 09:58:01 (CET)Antivirus Version Last Update Result 
AhnLab-V3 2008.11.28.2 2008.11.28 - 
AntiVir 7.9.0.36 2008.11.28 - 
Authentium 5.1.0.4 2008.11.28 - 
Avast 4.8.1281.0 2008.11.28 - 
AVG 8.0.0.199 2008.11.29 - 
BitDefender 7.2 2008.11.29 - 
CAT-QuickHeal 10.00 2008.11.29 - 
ClamAV 0.94.1 2008.11.29 - 
DrWeb 4.44.0.09170 2008.11.29 - 
eSafe 7.0.17.0 2008.11.27 - 
eTrust-Vet 31.6.6234 2008.11.28 - 
Ewido 4.0 2008.11.28 - 
F-Prot 4.4.4.56 2008.11.28 - 
F-Secure 8.0.14332.0 2008.11.29 - 
Fortinet 3.117.0.0 2008.11.29 - 
GData 19 2008.11.29 - 
Ikarus T3.1.1.45.0 2008.11.29 - 
K7AntiVirus 7.10.537 2008.11.28 - 
Kaspersky 7.0.0.125 2008.11.29 - 
McAfee 5448 2008.11.28 - 
McAfee+Artemis 5448 2008.11.28 - 
Microsoft 1.4104 2008.11.29 - 
NOD32 3650 2008.11.28 - 
Norman 5.80.02 2008.11.28 - 
Panda 9.0.0.4 2008.11.29 - 
PCTools 4.4.2.0 2008.11.28 - 
Prevx1 V2 2008.11.29 - 
Rising 21.05.51.00 2008.11.29 - 
SecureWeb-Gateway 6.7.6 2008.11.28 - 
Sophos 4.36.0 2008.11.29 - 
Sunbelt 3.1.1832.2 2008.11.27 Porn-Dialer.Win32.CapreDeam.AH (vf) 
Symantec 10 2008.11.29 - 
TheHacker 6.3.1.1.166 2008.11.28 - 
TrendMicro 8.700.0.1004 2008.11.28 - 
VBA32 3.12.8.9 2008.11.28 - 
ViRobot 2008.11.28.1491 2008.11.28 - 
VirusBuster 4.5.11.0 2008.11.28 - 
 
Additional information 
File size: 69632 bytes 
MD5...: 8727f81017fea83fa87cceb77d4fb45a 
SHA1..: 7aa55088e0dc8d4ec32a00e68adf752ea2564de2 
SHA256: 42b59662b41cda9e26d9e30aa9dc37c5293f6120b384911b9acc32243b401d93 
SHA512: ffd70d80cefe54db9098964d244b1b11d2dc5387aee28ccf8929173fc9bd4b45<BR>f261f3e5f8cea6cbe64b2a2edc3215f5a3133c09a890f81bb518dadb9305ac26<BR> 
ssdeep: 768:DlyW6CJEt7fdr/fAQG18DUOdkmerO+kKLhGw4GoiS0+0SJMcoejiba5p4:/6<BR>Gefdj4ZiyLAw4GosSJ9oe8yp4<BR> 
PEiD..: Armadillo v1.71 
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (53.1%)<BR>Windows Screen Saver (18.4%)<BR>Win32 Executable Generic (12.0%)<BR>Win32 Dynamic Link Library (generic) (10.6%)<BR>Generic Win/DOS Executable (2.8%) 
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x40630d<BR>timedatestamp.....: 0x3fbd52cb (Thu Nov 20 23:48:27 2003)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xa4a6 0xb000 6.33 4f91e5150dd918c8104323357aa76c01<BR>.rdata 0xc000 0x10ca 0x2000 3.40 2a603d9509617833a9ce48f3404fe1e3<BR>.data 0xe000 0xe2ac 0x2000 3.19 90e089ecf7f848d1c1cfb18c8e494ac4<BR>.rsrc 0x1d000 0x990 0x1000 2.67 77d66460f0a8b74eddf25eb568a36df4<BR><BR>( 5 imports ) <BR>&gt; KERNEL32.dll: FreeLibrary, LoadLibraryA, FindFirstFileA, GetShortPathNameA, Sleep, GetTempFileNameA, GetTempPathA, MoveFileExA, GetVersion, MultiByteToWideChar, FindNextFileA, GetProcAddress, GetTickCount, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, GetModuleFileNameA, GlobalReAlloc, CloseHandle, CreateFileA, GetCurrentProcess, GetFileAttributesA, FindClose, GetUserDefaultLCID, DeleteFileA, GetWindowsDirectoryA, SetLastError, HeapAlloc, HeapFree, lstrcpyA, CopyFileA, GetLastError, lstrlenA, RemoveDirectoryA, HeapDestroy, GetFileType, HeapCreate, SetFilePointer, VirtualFree, SetHandleCount, lstrcatA, GetStdHandle, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, TerminateProcess, WriteFile, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, WideCharToMultiByte, GetOEMCP, SetEndOfFile, ReadFile, SetStdHandle, HeapReAlloc, VirtualAlloc, GetACP, RtlUnwind, CreateDirectoryA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, ExitProcess, GetCPInfo<BR>&gt; USER32.dll: CharNextA, LoadStringA, MessageBoxA, wsprintfA, SetDlgItemTextA, PostMessageA, IsWindow, FindWindowA, DialogBoxParamA, UpdateWindow, ShowWindow, EnableWindow, GetDlgItem, ExitWindowsEx, SetWindowPos, EndDialog, CharLowerA, CharToOemA, GetSystemMetrics, GetWindowRect<BR>&gt; ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegDeleteKeyA, RegEnumKeyExA, RegEnumValueA, RegDeleteValueA, InitiateSystemShutdownA, AdjustTokenPrivileges, RegOpenKeyA, OpenProcessToken, LookupPrivilegeValueA<BR>&gt; ole32.dll: CoInitialize, CoUninitialize, CoCreateInstance<BR>&gt; VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<BR><BR>( 9 exports ) <BR>DeleteFileOnReboot, MoveFileOnReboot, QVPAddIcons, QVPGetRegInfo, QVPLogError, QVPRegQVP32AppPath, QVPRegString, QVPShutdown, RemovePendingFileOps<BR> 
 
File iwlanver.dll received on 11.29.2008 09:51:52 (CET)Antivirus Version Last Update Result 
AhnLab-V3 2008.11.28.2 2008.11.28 - 
AntiVir 7.9.0.36 2008.11.28 - 
Authentium 5.1.0.4 2008.11.28 - 
Avast 4.8.1281.0 2008.11.28 - 
AVG 8.0.0.199 2008.11.29 - 
BitDefender 7.2 2008.11.29 - 
CAT-QuickHeal 10.00 2008.11.29 - 
ClamAV 0.94.1 2008.11.29 - 
DrWeb 4.44.0.09170 2008.11.29 - 
eSafe 7.0.17.0 2008.11.27 - 
eTrust-Vet 31.6.6234 2008.11.28 - 
Ewido 4.0 2008.11.28 - 
F-Prot 4.4.4.56 2008.11.28 - 
F-Secure 8.0.14332.0 2008.11.29 - 
Fortinet 3.117.0.0 2008.11.29 - 
GData 19 2008.11.29 - 
Ikarus T3.1.1.45.0 2008.11.29 - 
K7AntiVirus 7.10.537 2008.11.28 - 
Kaspersky 7.0.0.125 2008.11.29 - 
McAfee 5448 2008.11.28 - 
McAfee+Artemis 5448 2008.11.28 - 
Microsoft 1.4104 2008.11.29 - 
NOD32 3650 2008.11.28 - 
Norman 5.80.02 2008.11.28 - 
Panda 9.0.0.4 2008.11.29 - 
PCTools 4.4.2.0 2008.11.28 - 
Prevx1 V2 2008.11.29 - 
Rising 21.05.51.00 2008.11.29 - 
SecureWeb-Gateway 6.7.6 2008.11.28 - 
Sophos 4.36.0 2008.11.29 - 
Sunbelt 3.1.1832.2 2008.11.27 - 
Symantec 10 2008.11.29 - 
TheHacker 6.3.1.1.166 2008.11.28 - 
TrendMicro 8.700.0.1004 2008.11.28 - 
VBA32 3.12.8.9 2008.11.28 - 
ViRobot 2008.11.28.1491 2008.11.28 - 
VirusBuster 4.5.11.0 2008.11.28 - 
 
Additional information 
File size: 7168 bytes 
MD5...: 33f18f85d584f10645205c54a94374d2 
SHA1..: 189e2f186130b2d094d2006de0b30b8036803658 
SHA256: 897a88c7c3af8844991960f9423c97cff912bce0a5254a9315c00e0cfe6b2555 
SHA512: 8061bfffde38113a617a0183c26df14ea9060fa1429045ee3669d198248cb8c2<BR>8ddcfa3b297c5ca43390302410e415177e12d4114cefed3ba01f2db73e5c7e90<BR> 
ssdeep: 192:p4+qPAiIz8COrpYFK3Xf6CkqV9HH6GfM:XmIz8COVYYP6KHb0<BR> 
PEiD..: - 
TrID..: File type identification<BR>Win64 Executable Generic (80.9%)<BR>Win32 Executable Generic (8.0%)<BR>Win32 Dynamic Link Library (generic) (7.1%)<BR>Generic Win/DOS Executable (1.8%)<BR>DOS Executable Generic (1.8%) 
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x10001319<BR>timedatestamp.....: 0x468aa625 (Tue Jul 03 19:40:21 2007)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x77c 0x800 5.88 5a03363abf242f082167a0c59f4b16e1<BR>.rdata 0x2000 0x526 0x600 4.34 9d43099eb692fec34bebb715af815a63<BR>.data 0x3000 0x360 0x200 0.28 38a465ab13e516ac4d90e19854e125b5<BR>.rsrc 0x4000 0x4cc 0x600 4.58 4f8731a0c0addb3194f563f0d06d1de6<BR>.reloc 0x5000 0x14c 0x200 3.81 ccd18aae5d2160286fccd8d641e7e65c<BR><BR>( 2 imports ) <BR>&gt; MSVCR80.dll: _lock, __dllonexit, _except_handler4_common, _unlock, __clean_type_info_names_internal, _crt_debugger_hook, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _decode_pointer, free, _encoded_null, _malloc_crt, _onexit, _encode_pointer<BR>&gt; KERNEL32.dll: GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedCompareExchange, Sleep, InterlockedExchange, GetSystemTimeAsFileTime<BR><BR>( 0 exports ) <BR>

Logfile von Combofix:

Code:

ComboFix 08-11-28.02 - sbuggerm 2008-11-29 10:11:53.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2319 [GMT 1:00]
Running from: c:\documents and settings\sbuggerm\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\sbuggerm\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\docume~1\sbuggerm\LOCALS~1\Temp\~DF2F50.tmp
c:\docume~1\sbuggerm\LOCALS~1\Temp\~DF2F5D.tmp
c:\docume~1\sbuggerm\LOCALS~1\Temp\~DF7619.tmp
c:\windows\Prefetch\~E5.0001-0B3641BA.pf
c:\windows\Prefetch\ADCIST.EXE-2F8AFA74.pf
c:\windows\Prefetch\ADCIUPD.EXE-0E4A1C9B.pf
c:\windows\Prefetch\ADCIUS.EXE-1F25FF84.pf
c:\windows\Prefetch\AEXAGENTACTIVATE.EXE-0E49AC9B.pf
c:\windows\Prefetch\ALG.EXE-0F138680.pf
c:\windows\Prefetch\ATCHK.EXE-2DA7F26A.pf
c:\windows\Prefetch\ATTRIB.CFEXE-07A4D3CF.pf
c:\windows\Prefetch\ATTRIB.EXE-39EAFB02.pf
c:\windows\Prefetch\AUMSTATUS.EXE-1BAEF888.pf
c:\windows\Prefetch\BF2.EXE-0133EEE4.pf
c:\windows\Prefetch\CCAPP.EXE-1207B2A5.pf
c:\windows\Prefetch\CCC.EXE-2F1AF7F1.pf
c:\windows\Prefetch\CCDOCTOR.EXE-2CB6E508.pf
c:\windows\Prefetch\CF9108.EXE-11728D3A.pf
c:\windows\Prefetch\CF9321.EXE-29799B9D.pf
c:\windows\Prefetch\CHCP.COM-18156052.pf
c:\windows\Prefetch\CLISTART.EXE-315E0C43.pf
c:\windows\Prefetch\CMD.EXE-087B4001.pf
c:\windows\Prefetch\CMD.EXECF-27E83661.pf
c:\windows\Prefetch\COMBOFIX-DOWNLOAD.EXE-019F7CBB.pf
c:\windows\Prefetch\COMBOFIX.EXE-113D1A23.pf
c:\windows\Prefetch\CSCRIPT.EXE-1C26180C.pf
c:\windows\Prefetch\CTFMON.EXE-0E17969B.pf
c:\windows\Prefetch\DOT1XCFG.EXE-087CDE23.pf
c:\windows\Prefetch\DSHOSTCHECKER.EXE-24C10BD7.pf
c:\windows\Prefetch\DSNETWORKCONNECT.EXE-246E563E.pf
c:\windows\Prefetch\DWHWIZRD.EXE-2CC782A2.pf
c:\windows\Prefetch\ERCLIENT7.EXE-2959D488.pf
c:\windows\Prefetch\EXPLORER.EXE-082F38A9.pf
c:\windows\Prefetch\FIND.EXE-0EC32F1E.pf
c:\windows\Prefetch\FINDSTR.CFEXE-38519B93.pf
c:\windows\Prefetch\FINDSTR.EXE-0CA6274B.pf
c:\windows\Prefetch\GREP.CFEXE-20443039.pf
c:\windows\Prefetch\GREP.CFEXE-273BC5E1.pf
c:\windows\Prefetch\GRPCONV.EXE-111CD845.pf
c:\windows\Prefetch\GSAR.CFEXE-0E6FCB31.pf
c:\windows\Prefetch\HELPSVC.EXE-2878DDA2.pf
c:\windows\Prefetch\HIDE.EXE-1E5316AF.pf
c:\windows\Prefetch\HIDEC.EXE-3B166DB3.pf
c:\windows\Prefetch\HIJACKTHIS.EXE-34A0FC79.pf
c:\windows\Prefetch\HPQTOASTER.EXE-33D4AB00.pf
c:\windows\Prefetch\HPQWMIEX.EXE-1982D280.pf
c:\windows\Prefetch\HPWAMAIN.EXE-1BDCDD0D.pf
c:\windows\Prefetch\ICON6560581611.EXE-229A9A02.pf
c:\windows\Prefetch\IEXPLORE.EXE-27122324.pf
c:\windows\Prefetch\IFRMEWRK.EXE-0618C85D.pf
c:\windows\Prefetch\INVSEND.EXE-3A301943.pf
c:\windows\Prefetch\IPASSPERIODICUPDATEAPP.EXE-0F28E41D.pf
c:\windows\Prefetch\Layout.ini
c:\windows\Prefetch\LUALL.EXE-2BCC229F.pf
c:\windows\Prefetch\LUCOMS~1.EXE-02DB5950.pf
c:\windows\Prefetch\MGSPOLICY.EXE-26DA3CE1.pf
c:\windows\Prefetch\MGSUSAGEAG.EXE-005CB8F3.pf
c:\windows\Prefetch\MLPOD36.EXE-34144FD7.pf
c:\windows\Prefetch\MOBSYNC.EXE-173EDCEF.pf
c:\windows\Prefetch\MOM.EXE-33A6BD58.pf
c:\windows\Prefetch\MPNOTIFY.EXE-3631A846.pf
c:\windows\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf
c:\windows\Prefetch\MSMSGS.EXE-2B6052DE.pf
c:\windows\Prefetch\NDLAUNCH.EXE-12AEB51C.pf
c:\windows\Prefetch\NDSCHEDAG.EXE-176CE058.pf
c:\windows\Prefetch\NDSENS.EXE-1BE7EE9A.pf
c:\windows\Prefetch\NDSERV.EXE-04617BC7.pf
c:\windows\Prefetch\NDTASK.EXE-20A315FC.pf
c:\windows\Prefetch\NDTRACK.EXE-2AC23926.pf
c:\windows\Prefetch\NDUPLOAD.EXE-1FF26AAF.pf
c:\windows\Prefetch\NIRCMD.CFEXE-0E3F4BC2.pf
c:\windows\Prefetch\NIRCMD.CFEXE-19FF4781.pf
c:\windows\Prefetch\NIRCMD.COM-10563DC3.pf
c:\windows\Prefetch\NIRCMD.COM-323C21EC.pf
c:\windows\Prefetch\NOTEPAD.EXE-336351A9.pf
c:\windows\Prefetch\NPLOGON.EXE-088B742D.pf
c:\windows\Prefetch\NTOSBOOT-B00DFAAD.pf
c:\windows\Prefetch\NVDKIT.EXE-22E073A8.pf
c:\windows\Prefetch\OUTLOOK.EXE-39385AAC.pf
c:\windows\Prefetch\PBUPDATE.EXE-122A4B96.pf
c:\windows\Prefetch\PCOWNER.EXE-2EA3AD07.pf
c:\windows\Prefetch\PGPFSD.EXE-078D4B3F.pf
c:\windows\Prefetch\PGPTRAY.EXE-1B2A2F0C.pf
c:\windows\Prefetch\PGPWDE.EXE-366E7F66.pf
c:\windows\Prefetch\PING.EXE-31216D26.pf
c:\windows\Prefetch\PNKBSTRB.EXE-21412697.pf
c:\windows\Prefetch\PV.CFEXE-0E6F2701.pf
c:\windows\Prefetch\PV.CFEXE-23E4A9A0.pf
c:\windows\Prefetch\QLBCTRL.EXE-0325C50A.pf
c:\windows\Prefetch\QLBPRES.EXE-34B537FB.pf
c:\windows\Prefetch\RADCONCT.EXE-28D5DA4E.pf
c:\windows\Prefetch\RADEXECD.EXE-1F9CE34A.pf
c:\windows\Prefetch\RADPINIT.EXE-0900868D.pf
c:\windows\Prefetch\RADPNLWR.EXE-1754A35B.pf
c:\windows\Prefetch\RADREXXW.EXE-2994791E.pf
c:\windows\Prefetch\RADSCHED.EXE-04F86B82.pf
c:\windows\Prefetch\RADSKMAN.EXE-2FA225BE.pf
c:\windows\Prefetch\RADSTATE.EXE-36A9DD91.pf
c:\windows\Prefetch\RADSTGMS.EXE-14172802.pf
c:\windows\Prefetch\RADTRAY.EXE-0940593F.pf
c:\windows\Prefetch\REGEDIT.EXE-1B606482.pf
c:\windows\Prefetch\REGSVR32.EXE-25EEFE2F.pf
c:\windows\Prefetch\RUNDLL32.EXE-24FE0C44.pf
c:\windows\Prefetch\RUNIT.EXE-1A494A63.pf
c:\windows\Prefetch\RUNONCE.EXE-2803F297.pf
c:\windows\Prefetch\S_USER.EXE-2942424B.pf
c:\windows\Prefetch\SECURID.EXE-116BEA7C.pf
c:\windows\Prefetch\SED.CFEXE-238FCCA6.pf
c:\windows\Prefetch\SED.CFEXE-268D7E58.pf
c:\windows\Prefetch\SMAX4.EXE-3ABA87F8.pf
c:\windows\Prefetch\SMAX4PNP.EXE-381239AF.pf
c:\windows\Prefetch\SMC.EXE-2E09B9F3.pf
c:\windows\Prefetch\SORT.EXE-194AE83C.pf
c:\windows\Prefetch\SQLWRITER.EXE-0050A6DE.pf
c:\windows\Prefetch\SVCHOST.EXE-3530F672.pf
c:\windows\Prefetch\SWREG.CFEXE-2BF4FFCD.pf
c:\windows\Prefetch\SWREG.EXE-0937BD77.pf
c:\windows\Prefetch\SYNTPENH.EXE-315D3ABC.pf
c:\windows\Prefetch\SYNTPSTART.EXE-25038CFE.pf
c:\windows\Prefetch\TASKMGR.EXE-20256C55.pf
c:\windows\Prefetch\UNS.EXE-24FF2AAB.pf
c:\windows\Prefetch\USERINIT.EXE-30B18140.pf
c:\windows\Prefetch\VERCLSID.EXE-3667BD89.pf
c:\windows\Prefetch\VPTRAY.EXE-21252F09.pf
c:\windows\Prefetch\VPTRAY.EXE-2D128BA2.pf
c:\windows\Prefetch\WGATRAY.EXE-0ED38BED.pf
c:\windows\Prefetch\WINZIP32.EXE-335422C1.pf
c:\windows\Prefetch\WMIPRVSE.EXE-28F301A9.pf
c:\windows\Prefetch\WORDPAD.EXE-24533991.pf
c:\windows\Prefetch\WRP.CFEXE-216127FC.pf
c:\windows\Prefetch\WSCRIPT.EXE-32960AB9.pf
c:\windows\Prefetch\WUAUCLT.EXE-399A8E72.pf
c:\windows\Prefetch\ZCFGSVC.EXE-1A56EA85.pf
c:\windows\Temp\14.tmp
c:\windows\Temp\atchksrv.log
c:\windows\Temp\Perflib_Perfdata_930.dat
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Prefetch\~E5.0001-0B3641BA.pf
c:\windows\Prefetch\ADCIST.EXE-2F8AFA74.pf
c:\windows\Prefetch\ADCIUPD.EXE-0E4A1C9B.pf
c:\windows\Prefetch\ADCIUS.EXE-1F25FF84.pf
c:\windows\Prefetch\AEXAGENTACTIVATE.EXE-0E49AC9B.pf
c:\windows\Prefetch\ALG.EXE-0F138680.pf
c:\windows\Prefetch\ATCHK.EXE-2DA7F26A.pf
c:\windows\Prefetch\ATTRIB.CFEXE-07A4D3CF.pf
c:\windows\Prefetch\ATTRIB.EXE-39EAFB02.pf
c:\windows\Prefetch\AUMSTATUS.EXE-1BAEF888.pf
c:\windows\Prefetch\BF2.EXE-0133EEE4.pf
c:\windows\Prefetch\CCAPP.EXE-1207B2A5.pf
c:\windows\Prefetch\CCC.EXE-2F1AF7F1.pf
c:\windows\Prefetch\CCDOCTOR.EXE-2CB6E508.pf
c:\windows\Prefetch\CF9108.EXE-11728D3A.pf
c:\windows\Prefetch\CF9321.EXE-29799B9D.pf
c:\windows\Prefetch\CHCP.COM-18156052.pf
c:\windows\Prefetch\CLISTART.EXE-315E0C43.pf
c:\windows\Prefetch\CMD.EXE-087B4001.pf
c:\windows\Prefetch\CMD.EXECF-27E83661.pf
c:\windows\Prefetch\COMBOFIX-DOWNLOAD.EXE-019F7CBB.pf
c:\windows\Prefetch\COMBOFIX.EXE-113D1A23.pf
c:\windows\Prefetch\CSCRIPT.EXE-1C26180C.pf
c:\windows\Prefetch\CTFMON.EXE-0E17969B.pf
c:\windows\Prefetch\DOT1XCFG.EXE-087CDE23.pf
c:\windows\Prefetch\DSHOSTCHECKER.EXE-24C10BD7.pf
c:\windows\Prefetch\DSNETWORKCONNECT.EXE-246E563E.pf
c:\windows\Prefetch\DWHWIZRD.EXE-2CC782A2.pf
c:\windows\Prefetch\ERCLIENT7.EXE-2959D488.pf
c:\windows\Prefetch\EXPLORER.EXE-082F38A9.pf
c:\windows\Prefetch\FIND.EXE-0EC32F1E.pf
c:\windows\Prefetch\FINDSTR.CFEXE-38519B93.pf
c:\windows\Prefetch\FINDSTR.EXE-0CA6274B.pf
c:\windows\Prefetch\GREP.CFEXE-20443039.pf
c:\windows\Prefetch\GREP.CFEXE-273BC5E1.pf
c:\windows\Prefetch\GRPCONV.EXE-111CD845.pf
c:\windows\Prefetch\GSAR.CFEXE-0E6FCB31.pf
c:\windows\Prefetch\HELPSVC.EXE-2878DDA2.pf
c:\windows\Prefetch\HIDE.EXE-1E5316AF.pf
c:\windows\Prefetch\HIDEC.EXE-3B166DB3.pf
c:\windows\Prefetch\HIJACKTHIS.EXE-34A0FC79.pf
c:\windows\Prefetch\HPQTOASTER.EXE-33D4AB00.pf
c:\windows\Prefetch\HPQWMIEX.EXE-1982D280.pf
c:\windows\Prefetch\HPWAMAIN.EXE-1BDCDD0D.pf
c:\windows\Prefetch\ICON6560581611.EXE-229A9A02.pf
c:\windows\Prefetch\IEXPLORE.EXE-27122324.pf
c:\windows\Prefetch\IFRMEWRK.EXE-0618C85D.pf
c:\windows\Prefetch\INVSEND.EXE-3A301943.pf
c:\windows\Prefetch\IPASSPERIODICUPDATEAPP.EXE-0F28E41D.pf
c:\windows\Prefetch\Layout.ini
c:\windows\Prefetch\LUALL.EXE-2BCC229F.pf
c:\windows\Prefetch\LUCOMS~1.EXE-02DB5950.pf
c:\windows\Prefetch\MGSPOLICY.EXE-26DA3CE1.pf
c:\windows\Prefetch\MGSUSAGEAG.EXE-005CB8F3.pf
c:\windows\Prefetch\MLPOD36.EXE-34144FD7.pf
c:\windows\Prefetch\MOBSYNC.EXE-173EDCEF.pf
c:\windows\Prefetch\MOM.EXE-33A6BD58.pf
c:\windows\Prefetch\MPNOTIFY.EXE-3631A846.pf
c:\windows\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf
c:\windows\Prefetch\MSMSGS.EXE-2B6052DE.pf
c:\windows\Prefetch\NDLAUNCH.EXE-12AEB51C.pf
c:\windows\Prefetch\NDSCHEDAG.EXE-176CE058.pf
c:\windows\Prefetch\NDSENS.EXE-1BE7EE9A.pf
c:\windows\Prefetch\NDSERV.EXE-04617BC7.pf
c:\windows\Prefetch\NDTASK.EXE-20A315FC.pf
c:\windows\Prefetch\NDTRACK.EXE-2AC23926.pf
c:\windows\Prefetch\NDUPLOAD.EXE-1FF26AAF.pf
c:\windows\Prefetch\NIRCMD.CFEXE-0E3F4BC2.pf
c:\windows\Prefetch\NIRCMD.CFEXE-19FF4781.pf
c:\windows\Prefetch\NIRCMD.COM-10563DC3.pf
c:\windows\Prefetch\NIRCMD.COM-323C21EC.pf
c:\windows\Prefetch\NOTEPAD.EXE-336351A9.pf
c:\windows\Prefetch\NPLOGON.EXE-088B742D.pf
c:\windows\Prefetch\NTOSBOOT-B00DFAAD.pf
c:\windows\Prefetch\NVDKIT.EXE-22E073A8.pf
c:\windows\Prefetch\OUTLOOK.EXE-39385AAC.pf
c:\windows\Prefetch\PBUPDATE.EXE-122A4B96.pf
c:\windows\Prefetch\PCOWNER.EXE-2EA3AD07.pf
c:\windows\Prefetch\PGPFSD.EXE-078D4B3F.pf
c:\windows\Prefetch\PGPTRAY.EXE-1B2A2F0C.pf
c:\windows\Prefetch\PGPWDE.EXE-366E7F66.pf
c:\windows\Prefetch\PING.EXE-31216D26.pf
c:\windows\Prefetch\PNKBSTRB.EXE-21412697.pf
c:\windows\Prefetch\PV.CFEXE-0E6F2701.pf
c:\windows\Prefetch\PV.CFEXE-23E4A9A0.pf
c:\windows\Prefetch\QLBCTRL.EXE-0325C50A.pf
c:\windows\Prefetch\QLBPRES.EXE-34B537FB.pf
c:\windows\Prefetch\RADCONCT.EXE-28D5DA4E.pf
c:\windows\Prefetch\RADEXECD.EXE-1F9CE34A.pf
c:\windows\Prefetch\RADPINIT.EXE-0900868D.pf
c:\windows\Prefetch\RADPNLWR.EXE-1754A35B.pf
c:\windows\Prefetch\RADREXXW.EXE-2994791E.pf
c:\windows\Prefetch\RADSCHED.EXE-04F86B82.pf
c:\windows\Prefetch\RADSKMAN.EXE-2FA225BE.pf
c:\windows\Prefetch\RADSTATE.EXE-36A9DD91.pf
c:\windows\Prefetch\RADSTGMS.EXE-14172802.pf
c:\windows\Prefetch\RADTRAY.EXE-0940593F.pf
c:\windows\Prefetch\REGEDIT.EXE-1B606482.pf
c:\windows\Prefetch\REGSVR32.EXE-25EEFE2F.pf
c:\windows\Prefetch\RUNDLL32.EXE-24FE0C44.pf
c:\windows\Prefetch\RUNIT.EXE-1A494A63.pf
c:\windows\Prefetch\RUNONCE.EXE-2803F297.pf
c:\windows\Prefetch\S_USER.EXE-2942424B.pf
c:\windows\Prefetch\SECURID.EXE-116BEA7C.pf
c:\windows\Prefetch\SED.CFEXE-238FCCA6.pf
c:\windows\Prefetch\SED.CFEXE-268D7E58.pf
c:\windows\Prefetch\SMAX4.EXE-3ABA87F8.pf
c:\windows\Prefetch\SMAX4PNP.EXE-381239AF.pf
c:\windows\Prefetch\SMC.EXE-2E09B9F3.pf
c:\windows\Prefetch\SORT.EXE-194AE83C.pf
c:\windows\Prefetch\SQLWRITER.EXE-0050A6DE.pf
c:\windows\Prefetch\SVCHOST.EXE-3530F672.pf
c:\windows\Prefetch\SWREG.CFEXE-2BF4FFCD.pf
c:\windows\Prefetch\SWREG.EXE-0937BD77.pf
c:\windows\Prefetch\SYNTPENH.EXE-315D3ABC.pf
c:\windows\Prefetch\SYNTPSTART.EXE-25038CFE.pf
c:\windows\Prefetch\TASKMGR.EXE-20256C55.pf
c:\windows\Prefetch\UNS.EXE-24FF2AAB.pf
c:\windows\Prefetch\USERINIT.EXE-30B18140.pf
c:\windows\Prefetch\VERCLSID.EXE-3667BD89.pf
c:\windows\Prefetch\VPTRAY.EXE-21252F09.pf
c:\windows\Prefetch\VPTRAY.EXE-2D128BA2.pf
c:\windows\Prefetch\WGATRAY.EXE-0ED38BED.pf
c:\windows\Prefetch\WINZIP32.EXE-335422C1.pf
c:\windows\Prefetch\WMIPRVSE.EXE-28F301A9.pf
c:\windows\Prefetch\WORDPAD.EXE-24533991.pf
c:\windows\Prefetch\WRP.CFEXE-216127FC.pf
c:\windows\Prefetch\WSCRIPT.EXE-32960AB9.pf
c:\windows\Prefetch\WUAUCLT.EXE-399A8E72.pf
c:\windows\Prefetch\ZCFGSVC.EXE-1A56EA85.pf
c:\windows\system32\am2
c:\windows\system32\CAE
c:\windows\system32\EV19
c:\windows\system32\pci
c:\windows\Temp\14.tmp
c:\windows\Temp\Perflib_Perfdata_930.dat
c:\windows\system32\drivers\disdn . . . . failed to delete
c:\windows\Temp\atchksrv.log . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2008-10-28 to 2008-11-29  )))))))))))))))))))))))))))))))
.

2008-11-29 10:02 . 2008-11-29 10:02	<DIR>	d--------	c:\program files\CCleaner
2008-11-28 20:47 . 2008-11-28 20:47	<DIR>	d--------	C:\programme
2008-11-27 13:50 . 2008-11-27 13:50	578,560	--a--c---	c:\windows\system32\dllcache\user32.dll
2008-11-27 13:47 . 2008-11-27 13:47	<DIR>	d--------	c:\windows\ERUNT
2008-11-27 12:08 . 2008-01-23 08:43	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Bluetooth Software
2008-11-27 12:08 . 2008-01-23 09:09	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Application Data\ManageSoft Corp
2008-11-27 12:08 . 2008-01-23 11:08	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Application Data\Intel
2008-11-27 12:08 . 2008-01-23 09:05	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Application Data\InstallShield
2008-11-27 12:08 . 2008-01-23 09:08	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\Application Data\ATI
2008-11-27 12:08 . 2008-01-23 08:40	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{DF99D800-F903-48FB-85A5-07817A889081}
2008-11-27 12:08 . 2008-01-23 08:43	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{9C7B5BAE-2EAD-41CA-9896-7E952731919A}
2008-11-27 12:08 . 2008-01-23 08:41	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{9035A8F6-745E-4ED9-A1E8-B5F9A2F1A9CF}
2008-11-27 12:08 . 2008-01-23 08:41	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{6378C14B-61EC-429B-8F8F-04C9ED75B3E8}
2008-11-27 12:08 . 2008-01-23 08:42	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{51FD6D8C-B4D1-4969-9D17-0BFAE03DCD23}
2008-11-27 12:08 . 2008-01-23 08:38	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{3FCA3A1A-D57D-4D79-BB47-61622CE3835C}
2008-11-27 12:08 . 2008-01-23 08:40	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV\{374B1131-5EBC-4EC9-8CCA-51058F569B36}
2008-11-27 12:08 . 2008-11-27 12:08	<DIR>	d--------	c:\documents and settings\sbuggerm.CNU8100KCV
2008-11-27 11:51 . 2008-11-27 14:16	<DIR>	d--------	C:\SDFix
2008-11-27 11:50 . 2008-11-27 11:50	<DIR>	d--------	C:\programm_download
2008-11-27 11:45 . 2008-09-04 18:15	1,106,944	-----c---	c:\windows\system32\dllcache\msxml3.dll
2008-11-27 11:45 . 2008-10-24 12:21	455,296	-----c---	c:\windows\system32\dllcache\mrxsmb.sys
2008-11-25 13:17 . 2008-11-25 13:28	<DIR>	d--------	C:\fixwareout
2008-11-25 13:12 . 2008-11-25 13:12	<DIR>	d--------	c:\program files\Trend Micro
2008-11-18 17:38 . 2008-05-30 14:11	3,850,760	--a------	c:\windows\system32\D3DX9_38.dll
2008-11-18 17:38 . 2008-05-30 14:11	1,491,992	--a------	c:\windows\system32\D3DCompiler_38.dll
2008-11-18 17:38 . 2008-05-30 14:19	507,400	--a------	c:\windows\system32\XAudio2_1.dll
2008-11-18 17:38 . 2008-05-30 14:11	467,984	--a------	c:\windows\system32\d3dx10_38.dll
2008-11-18 17:38 . 2008-05-30 14:18	238,088	--a------	c:\windows\system32\xactengine3_1.dll
2008-11-18 17:38 . 2008-05-30 14:17	65,032	--a------	c:\windows\system32\XAPOFX1_0.dll
2008-11-18 17:38 . 2008-05-30 14:17	25,608	--a------	c:\windows\system32\X3DAudio1_4.dll
2008-11-18 17:37 . 2008-11-18 17:37	682,280	--a------	c:\windows\system32\pbsvc.exe
2008-11-18 17:37 . 2008-11-18 17:37	22,328	--a------	c:\documents and settings\sbuggerm\Application Data\PnkBstrK.sys
2008-11-18 16:26 . 2008-11-18 16:26	<DIR>	d--------	c:\program files\Activision
2008-11-09 13:22 . 2008-01-23 08:43	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Bluetooth Software
2008-11-09 13:22 . 2008-01-23 09:09	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Application Data\ManageSoft Corp
2008-11-09 13:22 . 2008-01-23 11:08	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Application Data\Intel
2008-11-09 13:22 . 2008-01-23 09:05	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Application Data\InstallShield
2008-11-09 13:22 . 2008-01-23 09:08	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\Application Data\ATI
2008-11-09 13:22 . 2008-01-23 08:40	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{DF99D800-F903-48FB-85A5-07817A889081}
2008-11-09 13:22 . 2008-01-23 08:43	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{9C7B5BAE-2EAD-41CA-9896-7E952731919A}
2008-11-09 13:22 . 2008-01-23 08:41	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{9035A8F6-745E-4ED9-A1E8-B5F9A2F1A9CF}
2008-11-09 13:22 . 2008-01-23 08:41	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{6378C14B-61EC-429B-8F8F-04C9ED75B3E8}
2008-11-09 13:22 . 2008-01-23 08:42	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{51FD6D8C-B4D1-4969-9D17-0BFAE03DCD23}
2008-11-09 13:22 . 2008-01-23 08:38	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{3FCA3A1A-D57D-4D79-BB47-61622CE3835C}
2008-11-09 13:22 . 2008-01-23 08:40	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET\{374B1131-5EBC-4EC9-8CCA-51058F569B36}
2008-11-09 13:21 . 2008-11-09 13:22	<DIR>	d--------	c:\documents and settings\CNU8100KCV\ASPNET
2008-11-09 13:21 . 2008-11-09 13:21	<DIR>	d--------	c:\documents and settings\CNU8100KCV
2008-11-08 11:05 . 2008-11-08 11:05	664	--a------	c:\windows\system32\d3d9caps.dat
2008-11-06 11:58 . 2008-11-06 11:58	<DIR>	d--------	c:\windows\SQLTools9_KB948109_ENU
2008-11-06 11:55 . 2008-11-06 11:55	<DIR>	d--------	c:\windows\SQL9_KB948109_ENU
2008-11-04 11:29 . 2008-11-04 11:29	<DIR>	d--------	c:\documents and settings\sbuggerm\Application Data\PGP Corporation
2008-11-03 11:59 . 2008-11-03 11:59	<DIR>	d--------	c:\documents and settings\All Users\Application Data\PGP Corporation
2008-11-03 11:58 . 2008-11-03 11:58	<DIR>	d--------	c:\program files\PGP Corporation
2008-11-03 11:58 . 2008-11-03 11:58	<DIR>	d--------	c:\program files\Common Files\PGP Corporation
2008-11-03 11:58 . 2008-11-03 11:58	114,308	--a------	c:\windows\system32\PGPlspRollback.reg
2008-11-01 10:53 . 2008-11-01 10:53	<DIR>	d--------	c:\documents and settings\All Users\Application Data\ATI
2008-10-31 14:37 . 2008-11-07 17:30	<DIR>	d--------	c:\documents and settings\sbuggerm\Application Data\temp
2008-10-31 14:12 . 2008-10-31 14:12	<DIR>	d--------	c:\windows\Logs
2008-10-31 14:12 . 2008-07-12 08:18	3,851,784	--a------	c:\windows\system32\D3DX9_39.dll
2008-10-31 13:51 . 2008-10-31 13:51	<DIR>	d--------	c:\program files\EA SPORTS
2008-10-29 21:26 . 2008-08-14 11:11	2,189,184	-----c---	c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-29 21:26 . 2008-08-14 11:09	2,145,280	-----c---	c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-29 21:26 . 2008-08-14 10:33	2,066,048	-----c---	c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-29 21:26 . 2008-08-14 10:33	2,023,936	-----c---	c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-29 21:26 . 2008-10-15 17:34	337,408	-----c---	c:\windows\system32\dllcache\netapi32.dll
2008-10-29 21:26 . 2008-09-08 11:41	333,824	-----c---	c:\windows\system32\dllcache\srv.sys
2008-10-29 21:25 . 2008-09-15 13:12	1,846,400	-----c---	c:\windows\system32\dllcache\win32k.sys
2008-10-29 21:24 . 2008-05-01 15:33	331,776	-----c---	c:\windows\system32\dllcache\msadce.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 09:22	---------	d-----w	c:\program files\Symantec AntiVirus
2008-11-27 20:50	140,216	----a-w	c:\windows\system32\drivers\PnkBstrK.sys
2008-11-27 10:48	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-18 16:36	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-11-17 11:29	---------	d-----w	c:\program files\eRoom 7
2008-11-17 11:07	---------	d-----w	c:\program files\Common Files\Symantec Shared
2008-11-06 10:58	---------	d-----w	c:\program files\Microsoft SQL Server
2008-11-01 09:43	---------	d-----w	c:\program files\ATI Technologies
2008-10-29 20:53	---------	d-----w	c:\program files\Common Files\Merge Modules
2008-10-29 20:52	---------	d-----w	c:\program files\Microsoft Visual Studio 8
2008-10-29 20:51	---------	d-----w	c:\program files\MSBuild
2008-10-24 11:21	455,296	----a-w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 18:07	---------	d-----w	c:\program files\EA GAMES
2008-10-05 08:53	---------	d-----w	c:\program files\Gamesload Spiele
2008-10-05 08:37	---------	d-----w	c:\program files\Gamesload  Spiele
2008-10-03 13:23	---------	d-----w	c:\program files\Boonty
2008-10-03 11:50	---------	d-----w	c:\program files\Petergames
2008-10-02 19:56	---------	d--h--r	c:\documents and settings\sbuggerm\Application Data\SecuROM
2008-10-02 14:38	---------	d-----w	c:\program files\OpenAL
2008-09-29 08:56	---------	d-----w	c:\program files\Hewlett-Packard
2006-12-29 13:15	626,688	----a-w	c:\program files\Common Files\sapconsaccess.dll
2006-12-29 13:15	40,960	----a-w	c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 13:15	3,100,672	----a-w	c:\program files\Common Files\sapxlhelper.dll
2006-12-29 13:15	192,512	----a-w	c:\program files\Common Files\sapconsr3.dll
2006-12-07 08:26	1,129,984	----a-w	c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 08:26	1,124,864	----a-w	c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

(((((((((((((((((((((((((((((   snapshot_2008-11-28_22.47.24.09   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-28 21:40:50	308,848	----a-w	c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-11-29 09:24:22	308,847	----a-w	c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-11-29 09:26:20	16,384	----atw	c:\windows\Temp\Perflib_Perfdata_7d4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2008-08-22 18:49	310328	--a------	c:\windows\system32\PGPfsshl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adcist.exe"="c:\agilent\adci\adcist.exe" [2003-12-11 69632]
"POD3.6"="c:\program files\MessageLabs\POD36\mlpod36.exe" [2006-11-07 5937320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LAAM"="c:\agilent\bin\runit" [X]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-05-01 404248]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"SchedulingAgent_nDG"="c:\program files\ManageSoft\Schedule Agent\ndschedag.exe" [2005-10-21 1110016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-30 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2005-01-18 143360]
"SmcService"="c:\progra~1\Sygate\SSA\smc.exe" [2007-01-26 2639512]
"adcius.exe"="c:\agilent\adci\adcius.exe" [2007-07-05 49152]
"CCDoctorLogonTesting"="c:\program files\Rational\ClearCase\bin\ccdoctor.exe" [2003-09-26 126976]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"!AUMStatus"="c:\program files\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe" [2007-09-25 69632]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\sbuggerm\Start Menu\Programs\Startup\
Monitor My eRooms (V7).lnk - c:\program files\eRoom 7\ERClient7.exe [2008-05-15 153352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PGPtray.exe.lnk - c:\windows\Installer\{8916B23D-C6E6-4599-A315-92773FDE4417}\Icon6560581611.exe [2008-11-03 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PGPmapih.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli PGPpwflt

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=GPO_add_sdadmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=logonADCI.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-144993\Scripts\Logon\0\0]
"Script"=ResetPGPKeys.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-144993\Scripts\Logon\1\0]
"Script"=cleanup.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\CM\\Agent\\radexecd.exe"=
"c:\\Program Files\\Hewlett-Packard\\CM\\Agent\\RadUIShell.exe"=
"c:\\Program Files\\Hewlett-Packard\\CM\\Agent\\radtray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

R0 pgpfs;PGP File Sharing;c:\windows\system32\Drivers\PGPfsfd.sys [2008-08-22 128568]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2008-08-22 210488]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-01-23 28120]
R2 AUMService;HP OpenView CM Application Usage Manager Agent Service;"c:\program files\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe" [2007-09-25 225280]
R2 ContentMgrService;Content Management Service;c:\program files\Videoload Manager\ContentManager.exe [2008-03-12 508928]
R2 ndGlobalLauncher;ManageSoft installation agent;"c:\program files\ManageSoft\Launcher\ndserv.exe" [2005-10-21 2428928]
R2 ndinit;ManageSoft managed device;"c:\program files\ManageSoft\Schedule Agent\ndinit.exe" [2005-10-21 610304]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2008-08-22 245816]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\Drivers\PGPsdk.sys [2008-08-22 40504]
R2 radexecd;HP OVCM Notify Daemon;"c:\program files\Hewlett-Packard\CM\Agent\radexecd.exe" [2007-08-15 258222]
R2 radsched;HP OVCM Scheduler Daemon;"c:\program files\Hewlett-Packard\CM\Agent\radsched.exe" [2007-07-20 172210]
R2 Radstgms;HP OVCM MSI Redirector;"c:\program files\Hewlett-Packard\CM\Agent\Radstgms.exe" [2007-07-20 315568]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2008-01-23 1489688]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 dsNcAdpt;Juniper Network Connect Adapter;c:\windows\system32\DRIVERS\dsNcAdpt.sys [2008-02-15 23552]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2008-04-04 11113]
R3 HPAUMDriver;HPAUMDriver;c:\windows\system32\Drivers\HPAUMDriver.sys [2007-09-25 6784]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2008-01-23 41216]
R3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-04-04 216459]
R3 RadiaMsi;RadiaMsi;c:\windows\system32\DRIVERS\radiamsi.sys [2007-08-30 30120]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2008-01-23 47616]
S3 Albd;Atria Location Broker;"c:\program files\Rational\ClearCase\bin\albd_server.exe" [2005-05-17 176016]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys [2007-07-17 35072]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-04-04 216459]
S3 magaService;Lan Discover Agent;c:\program files\Sygate\SSA\maga\maga.exe [2007-01-26 323658]
S3 Mvfs;Atria Multi-Version FS;c:\windows\system32\drivers\mvfs50.sys [2005-05-09 508628]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-02 2805000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F68D3BCB-E0D4-4E62-B16C-CAA794081E26}]
wscript //b "c:\program files\AgilentIE6Settings\ConfigureIE6.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F6CBDE3D-3200-41A9-B22D-C7ED922A7B16}]
wscript //b "c:\program files\Agilent MS Office Templates\UserSetup.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F82A802F-470C-4882-BD2A-6B7CD8C1D6BC}]
wscript //b "c:\program files\AgilentIE7Settings\ConfigureIE7.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
c:\windows\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}
.
Contents of the 'Scheduled Tasks' folder

2008-11-28 c:\windows\Tasks\User_Feed_Synchronization-{AE68F7CF-6990-475B-BFBA-9F0A7D1A0599}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 10:23:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\program files\Rational\ClearCase\bin\ccasenp.dll
c:\program files\Rational\ClearCase\bin\LIBATRIANT.dll
c:\program files\Rational\ClearCase\bin\libatriaks.dll
c:\program files\Rational\ClearCase\bin\libatriacredmap.dll
c:\program files\Rational\ClearCase\bin\libatriaxdr.dll
c:\program files\Rational\ClearCase\bin\LIBATRIATBS.dll
c:\program files\Rational\ClearCase\bin\libatriamvfs.dll
c:\program files\Rational\ClearCase\bin\LIBEZRPC.dll
c:\program files\Rational\ClearCase\bin\LIBRPCSVC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Sygate\SSA\Smc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ManageSoft\Schedule Agent\ndtask.exe
c:\windows\system32\PGPserv.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ManageSoft\Usage Agent\mgsusageag.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\ManageSoft\Schedule Agent\ndtask.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-11-29 10:31:12 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-29 09:31:08
ComboFix2.txt  2008-11-28 21:47:46
ComboFix3.txt  2008-11-26 14:51:02

Pre-Run: 63,018,971,136 bytes free
Post-Run: 63,005,028,352 bytes free

598

Aktuelles HJT Logfile

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23, on 2008-11-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe
C:\Program Files\Videoload Manager\ContentManager.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Hewlett-Packard\CM\Agent\radexecd.exe
C:\Program Files\Hewlett-Packard\CM\Agent\radsched.exe
C:\Program Files\Hewlett-Packard\CM\Agent\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Agilent\adci\adcist.exe
C:\Program Files\MessageLabs\POD36\mlpod36.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.agilent.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.agilent.com;localhost;127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [LAAM] C:\Agilent\bin\runit C:\Agilent\bin\s_user.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
O4 - HKLM\..\Run: [CCDoctorLogonTesting] "C:\Program Files\Rational\ClearCase\bin\ccdoctor.exe" /LogonStartup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [!AUMStatus] C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [adcist.exe] c:\Agilent\adci\adcist.exe
O4 - HKCU\..\Run: [POD3.6] C:\Program Files\MessageLabs\POD36\mlpod36.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://be.agilent.com
O15 - Trusted Zone: http://www.gamesload.de
O15 - Trusted Zone: http://www.videoload.de
O15 - Trusted Zone: http://*.videoload.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = germany.agilent.com
O17 - HKLM\Software\..\Telephony: DomainName = germany.agilent.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DA5D815-9B42-4C0F-BC33-7B7CE751B6BD}: NameServer = 129.248.176.4,192.25.22.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = germany.agilent.com
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
O20 - AppInit_DLLs: PGPmapih.dll
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Atria Location Broker (Albd) - IBM Corporation - C:\Program Files\Rational\ClearCase\bin\albd_server.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP OpenView CM Application Usage Manager Agent Service (AUMService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Rational Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Content Management Service (ContentMgrService) - ACE GmbH - C:\Program Files\Videoload Manager\ContentManager.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Rational Lock Manager (LockMgr) - IBM Corporation - C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\Agent\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\Agent\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\Agent\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 13870 bytes

Ist das System nun Sauber? Oder weisen die Logfiles noch auf weitere Verseuchung hin ?

[Speedy]

hast du das mit der fixreg auch durchgeführt ?

• lege bitte diesen ordner an c:\programm_download\Malwarebytes Anti-Malware
• download von Malwarebytes Anti-Malware in diesen ordner
• erstelle bei windows me, xp oder vista einen neuen systemwiederherstellungspunkt
• installiere das tool durch einen doppelklick auf die datei mbam-setup.exe in den vorgegebenen ordner
• starte das programm und beginne zuerst mit der update funktion
• starte einen komplett scan
• lass danach alle funde löschen
• logfile posten

• lege bitte diesen ordner an c:\programm_download\SuperAntiSpyWare
• download von SUPERAntiSpyware Free Edition in diesen ordner
• erstelle bei windows me, xp oder vista einen neuen systemwiederherstellungspunkt
• installiere das tool in den vorgegebenen ordner
• starte das programm und beginne zuerst mit der update funktion
• nun wechsle in den abgesicherten modus von windows
• scanne und bereinige mit SUPERAntiSpyware Free Edition das system
• logfile posten

[Sven_]

Das mit fixreg im abgesicherten modus hatte ich auch ausgeführt,

Hier der Anti-Malware log:

Code:

Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1437
Windows 5.1.2600 Service Pack 3

2008-11-30 21:20:55
mbam-log-2008-11-30 (21-20-55).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 303577
Laufzeit: 2 hour(s), 17 minute(s), 2 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Qoobox\Quarantine\C\WINDOWS\system32\qvzeptrwej.dll-uninst.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7C92671-07AB-4D0F-BB76-5BF1F956AE8E}\RP6\A0002711.exe (Adware.Agent) -> Quarantined and deleted successfully.

SuperAntiSpyware hat kein logfile erstellt, hat aber 18 probleme gefunden und gelöscht.
12 Cookies
5 Registry eintrage
1 ???

Das System scheint mir jetzt stabil zu laufen, er brauch zwar sehr lange nach dem login bis er desktop und autostart programme geladen hat aber imerhin der desktop kommt .
Ich habe nochmal ein aktuelles HJT Logfile erstellt.

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43, on 2008-12-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe
C:\Program Files\Videoload Manager\ContentManager.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Hewlett-Packard\CM\Agent\radexecd.exe
C:\Program Files\Hewlett-Packard\CM\Agent\radsched.exe
C:\Program Files\Hewlett-Packard\CM\Agent\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Agilent\adci\adcist.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\MessageLabs\POD36\mlpod36.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sbuggerm\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
C:\Program Files\Juniper Networks\Network Connect 5.5.0\dsNetworkConnect.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.agilent.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Documents and Settings\sbuggerm\Application Data\Juniper Networks\Network Connect 5.5.0\instantproxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.agilent.com;localhost;127.0.0.1;<local>
O1 - Hosts: 192.25.19.114 bbnsslvpn.net.europe.agilent.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [LAAM] C:\Agilent\bin\runit C:\Agilent\bin\s_user.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
O4 - HKLM\..\Run: [CCDoctorLogonTesting] "C:\Program Files\Rational\ClearCase\bin\ccdoctor.exe" /LogonStartup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [!AUMStatus] C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [adcist.exe] c:\Agilent\adci\adcist.exe
O4 - HKCU\..\Run: [POD3.6] C:\Program Files\MessageLabs\POD36\mlpod36.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PGPtray.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://be.agilent.com
O15 - Trusted Zone: http://www.gamesload.de
O15 - Trusted Zone: http://www.videoload.de
O15 - Trusted Zone: http://*.videoload.de
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://bbnsslvpn.net.europe.agilent.com/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = germany.agilent.com
O17 - HKLM\Software\..\Telephony: DomainName = germany.agilent.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DA5D815-9B42-4C0F-BC33-7B7CE751B6BD}: NameServer = 129.248.176.4,192.25.22.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = germany.agilent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = agilent.com,germany.agilent.com,britain.agilent.com,germany.agilent.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = agilent.com,germany.agilent.com,britain.agilent.com,germany.agilent.com
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
O20 - AppInit_DLLs: PGPmapih.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Atria Location Broker (Albd) - IBM Corporation - C:\Program Files\Rational\ClearCase\bin\albd_server.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP OpenView CM Application Usage Manager Agent Service (AUMService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Rational Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Content Management Service (ContentMgrService) - ACE GmbH - C:\Program Files\Videoload Manager\ContentManager.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Rational Lock Manager (LockMgr) - IBM Corporation - C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\Agent\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\Agent\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\CM\Agent\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 14955 bytes

Denkst du das das System nun clean ist ? oder was empfiehlst du noch zu tun ?
Auf jeden Fall schon mal ein dickes dickes Dankeschön der Rechner läuft nun wieder gescheit.
Nach was für auffälligkeiten schaust du in den Logfiles eigentlich ? An was erkennt man die Trojaner und Mal & Spyware ?

Bis dann
Sven

[Speedy]

fixe mit HijackThis die nachfolgenden einträge, sofern sie noch vorhanden sind
(du musst das tool unter vista als administrator ausführen !!! )

O14 - IERESET.INF: START_PAGE_URL=http://be.agilent.com
O15 - Trusted Zone: http://www.gamesload.de
O15 - Trusted Zone: http://www.videoload.de
O15 - Trusted Zone: http://*.videoload.de
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://bbnsslvpn.net.europe.agilent...erSetupSP1.cab

erstelle ein neues hjt logfile und poste es

Nach was für auffälligkeiten schaust du in den Logfiles eigentlich ? An was erkennt man die Trojaner und Mal & Spyware ?

bekannten dateien (malware) und unbekannten (hier kann auch eine reguläre software dabei sein)