6 replies to this topic

[tschatts]

Hi,

a couple of weeks ago my Antivirus program (Avira Antivir) discovered a trojan on my system. So I ran Malwarebytes, Spybot and Avenger to try and get rid of it. It seemed fine at first, however, the past few days it has been coming back. When I run Malwarebytes now it does not find anything, with Avira I get to hits though. Can anyone help me to remove this permanently please?

Here are the most recent Avira Scan and HijackThis logs. I hope this helps. Any help would be greatly appreciated.


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 31. März 2009 17:45

Es wird nach 1334230 Virenstämmen gesucht.

Lizenznehmer: Avira AntiVir PersonalEdition Classic
Seriennummer: 0000149996-ADJIE-0001
Plattform: Windows Vista
Windowsversion: (Service Pack 1) [6.0.6001]
Boot Modus: Normal gebootet
Benutzername: SYSTEM
Computername: TOBIAS-PC

Versionsinformationen:
BUILD.DAT : 8.2.0.347 16934 Bytes 16.03.2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18.11.2008 08:21:23
AVSCAN.DLL : 8.1.4.0 48897 Bytes 09.05.2008 11:27:06
LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:16
LUKERES.DLL : 8.1.4.0 12545 Bytes 09.05.2008 11:40:42
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 12:25:29
ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 22.03.2009 21:19:59
ANTIVIR3.VDF : 7.1.2.240 327680 Bytes 31.03.2009 15:20:45
Engineversion : 8.2.0.129
AEVDF.DLL : 8.1.1.0 106868 Bytes 31.01.2009 11:14:00
AESCRIPT.DLL : 8.1.1.70 369019 Bytes 26.03.2009 18:55:27
AESCN.DLL : 8.1.1.8 127346 Bytes 06.03.2009 12:02:06
AERDL.DLL : 8.1.1.3 438645 Bytes 04.11.2008 13:58:38
AEPACK.DLL : 8.1.3.11 397687 Bytes 24.03.2009 21:19:06
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27.02.2009 18:28:51
AEHEUR.DLL : 8.1.0.111 1679736 Bytes 24.03.2009 21:19:05
AEHELP.DLL : 8.1.2.2 119158 Bytes 27.02.2009 18:28:48
AEGEN.DLL : 8.1.1.31 340341 Bytes 26.03.2009 18:55:26
AEEMU.DLL : 8.1.0.9 393588 Bytes 14.10.2008 10:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 17.02.2009 17:16:20
AEBB.DLL : 8.1.0.3 53618 Bytes 14.10.2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31.07.2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12.06.2008 13:45:01
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27.06.2008 13:32:05

Konfiguration für den aktuellen Suchlauf:
Job Name.........................: Vollständige Systemprüfung
Konfigurationsdatei..............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Protokollierung..................: niedrig
Primäre Aktion...................: interaktiv
Sekundäre Aktion.................: ignorieren
Durchsuche Masterbootsektoren....: ein
Durchsuche Bootsektoren..........: ein
Bootsektoren.....................: C:, D:,
Durchsuche aktive Programme......: ein
Durchsuche Registrierung.........: ein
Suche nach Rootkits..............: aus
Datei Suchmodus..................: Intelligente Dateiauswahl
Durchsuche Archive...............: ein
Rekursionstiefe einschränken.....: 20
Archiv Smart Extensions..........: ein
Makrovirenheuristik..............: ein
Dateiheuristik...................: mittel

Beginn des Suchlaufs: Dienstag, 31. März 2009 17:45

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avwsc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpCmdRun.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ieuser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPHC_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPQTOA~1.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiPrvSE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'btdna.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HpqSRmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPWAMain.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WiFiMsg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBCTRL.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'QPService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLSched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqwmiex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'XAudio.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLCapSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '67' Prozesse mit '67' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen.
Die Registry wurde durchsucht ( '49' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\hiberfil.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Windows\System32\drivers\gaopdxoqfirkdnttfbiqcnqjowubltgsqvskpm.sys
[FUND] Ist das Trojanische Pferd TR/Agent.45056.237
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a41446a.qua' verschoben!
C:\Windows\System32\drivers\sptd.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'D:\' <HP_RECOVERY>
D:\RECYCLER\S-0-8-66-100012882-100012941-100017128-6144.com
[FUND] Ist das Trojanische Pferd TR/TDss.twf
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a0273cb.qua' verschoben!


Ende des Suchlaufs: Dienstag, 31. März 2009 21:48
Benötigte Zeit: 4:03:09 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

20018 Verzeichnisse wurden überprüft
350710 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
3 Dateien konnten nicht durchsucht werden
350705 Dateien ohne Befall
1589 Archive wurden durchsucht
3 Warnungen
2 Hinweise


And here is the HijackThis Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:25:25, on 01.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Tobi\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freemail.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.uni-mannheim.de:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.uni-mannheim.de;10.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tobi\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10319 bytes

[Fatdcuk]

Hi and welcome to the MBAM forums

You have the CLB rootkit infection on your computer amongst other stuff.

Please use the following guide as a walkthrough fix for that problem.
http://www.malwareby...showtopic=12709

Please then post back here with fresh MBAM quick scan log + new HJT log.

Thanks in advance

[tschatts]

Alright, I followed the steps in the guide. However, when I ran RootRepeal none of the listed files was found!? Here's there scan log, maybe I'm missing something. There is only one .sys file, and that's the first one but I don't if that is the correct one...


ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/02 11:30
Program Version: Version 1.2.3.0
Windows Version: Windows Vista SP1
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6d950d0-15f7-11de-98d7-001636f1d0ca}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6d95143-15f7-11de-98d7-001636f1d0ca}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6d95154-15f7-11de-98d7-001636f1d0ca}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6d951d6-15f7-11de-98d7-001636f1d0ca}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6d95207-15f7-11de-98d7-001636f1d0ca}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6d952ab-15f7-11de-98d7-001636f1d0ca}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6d9530b-15f7-11de-98d7-001636f1d0ca}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6d95083-15f7-11de-98d7-001636f1d0ca}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6d9501b-15f7-11de-98d7-001636f1d0ca}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\migration\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\System32\XPSViewer\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.
cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d
131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8d
d7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc
0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d
5e63e93b68.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df5
6e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa692
0e9f98fc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c
0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.
cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a
620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_ab
ac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d21850
4d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a898
0e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e2
0e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5
ca663317c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949
b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053
e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cd
a6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6000.16716_de-de_25025fdedb611a73\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6000.20876_de-de_0e3abadaf5031283\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6001.18106_de-de_24dd5b5cdbb30d73\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6001.22221_de-de_0e122718f5582002\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16716_de-de_f5ee7d044d774a25\2832D1~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16716_de-de_f5ee7d044d774a25\5246C5~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20876_de-de_f6373a4766c59195\2832D1~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20876_de-de_f6373a4766c59195\5246C5~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_de-de_f7d987f44a9b29f4\2832D1~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_de-de_f7d987f44a9b29f4\5246C5~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_none_7c654fdc62654993\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_none_659d66807c078e86\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_none_7c40349262b75634\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_none_6574a52e7c5ccf47\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6000.16720_none_173a294b153205b9\REGASM~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6000.20883_none_00723fef2ed44aac\REGASM~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6001.18000_none_171424a31584df11\REGASM~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6001.18111_none_17150e011584125a\REGASM~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6001.22230_none_00497e9d2f298b6d\REGASM~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6000.16720_none_ea5553f167a4fe69\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6000.20883_none_d38d6a958147435c\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_4180b46a5c473b6d\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_41c5708575991d81\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_4303a14a59b89802\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_43f08fdb728b6c28\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.16708_none_23cb592eb6e076f6\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.18096_none_254e460eb451d38b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.22208_none_263b349fcd24a7b1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_c8df4fb390304286\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_c9240bcea982249a\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_ca623c938da19f1b\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_cb4f2b24a6747341\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18000_none_7aa3ffe08cb3c55b\_ServiceModelServicePerfCounters_D.ini
Status: Allocation size mismatch (API: 561152, Raw: 56)

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_74dcd7a292078251\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_752193bdab596465\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.16708_none_ddb4cf58a13aa0ca\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.20864_none_ddf98b73ba8c82de\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.18000_none_df9309c89e6869dc\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.1638
6_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6000.16720_none_6bfcb0a8ef8c6f2e\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6000.20883_none_5534c74d092eb421\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.18000_none_6bd6ac00efdf4886\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.18111_none_6bd7955eefde7bcf\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.22230_none_550c05fb0983f4e2\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6001.18000_none_ea2f4f4967f7d7c1\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6001.18111_none_ea3038a767f70b0a\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6001.22230_none_d364a943819c841d\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_b898612ecd927be
5\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_a1d077d2e734c0d
8\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_b87345e4cde4888
6\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_a1a7b680e78a019
9\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6000.16720_de-de_65722c179a7be658\MSCORL~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6000.16708_none_820ff368b2f34b62\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6000.20864_none_8254af83cc452d76\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6001.18096_none_8392e048b064a7f7\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6001.22208_none_847fced9c9377c1d\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.16708_none_4c6d3f4bfe5170cb\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.20864_none_4cb1fb6717a352df\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.18096_none_4df02c2bfbc2cd60\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.22208_none_4edd1abd1495a186\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_b25b01638e2dbfa3\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_b29fbd7ea77fa1b7\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_b3ddee438b9f1c38\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_b4cadcd4a471f05e\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18000_none_807f48c92e443087\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_36a2c67e2413032f\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_35b5d7ed0b402f09\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_765fc4828f78dee6\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.22208_none_e024aac9b77ed185\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.18096_none_df37bc389eabfd5f\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_774cb313a84bb30c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_3432eb0d0dced274\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_3477a7282720b488\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6000.16708_none_c29392a082f7409d\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6000.20864_none_c2d84ebb9c4922b1\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.18000_none_c471cd10802509af\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.18096_none_c4167f8080689d32\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.22208_none_c5036e11993b7158\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\C0DFA2~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\32E50A~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\4C504D~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\44CF51~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\A26085~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\462A0E~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\6E1277~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\7EA101~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\127E9D~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\6A2DCD~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\C8609E~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\0C585E~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\04EC6C~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\4471EF~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\769372~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\7467E7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\C0DFA2~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\32E50A~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\4C504D~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\44CF51~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\A26085~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\462A0E~1.RES
Statu

[Fatdcuk]

Ok then lets run out another tool to see if it will highlight what is going occuring on your pc.

STEP 01
[indent]Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Click Yes to allow ComboFix to continue scanning for malware.
  
• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

[/indent]

[tschatts]

Ok, I did what you told me. Here are the new logs

Attached Files

•  log_02.04.09.txt   18.93K   11 downloads
•  log_02.04.09.txt   8.77K   13 downloads

[Fatdcuk]

Hi if possible could you rerun both tolls and instead of uploading the logs,just copy and paste the contents into your next reply....is so much easiar on tired eyes

[tschatts]

I'm sorry but I'm not able to run the tools again today so I'll just pust the old two logs right now. I have not been doing anything on the computer since I last ran the programs so I don't think a new would look much different! Hopefully you'll be able find anything in them.

So first the Combofix Log:

ComboFix 09-04-01.01 - Tobi 2009-04-02 17:40:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1013.408 [GMT 2:00]
ausgeführt von:: c:\users\Tobi\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((( Dateien erstellt von 2009-03-02 bis 2009-04-02 ))))))))))))))))))))))))))))))
.

2009-04-02 17:37 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-02 10:27 . 2009-04-02 11:27 8 --a------ c:\windows\System32\settings.dat
2009-03-26 22:14 . 2009-03-26 22:14 <DIR> d-------- c:\program files\Midway Games
2009-03-26 22:13 . 2009-03-26 22:13 <DIR> d-------- c:\users\Tobi\AppData\Roaming\InstallShield
2009-03-26 21:47 . 2009-03-26 21:42 286,720 --a------ c:\windows\iun506.exe
2009-03-26 21:43 . 2009-03-26 21:43 <DIR> d-------- c:\program files\Activision Value
2009-03-26 21:43 . 2009-03-26 21:43 <DIR> d-------- C:\DirectX
2009-03-20 11:46 . 2009-03-20 11:46 <DIR> d-------- c:\program files\Trend Micro
2009-03-20 02:21 . 2009-03-20 09:31 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-03-20 02:21 . 2009-03-20 09:31 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-03-20 02:21 . 2009-03-20 10:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-20 01:34 . 2009-03-20 01:34 <DIR> d-------- c:\users\Tobi\AppData\Roaming\Malwarebytes
2009-03-19 23:40 . 2009-03-19 23:40 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-19 23:40 . 2009-03-19 23:40 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-19 23:40 . 2009-03-20 01:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-19 23:40 . 2009-02-11 11:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-19 23:40 . 2009-02-11 11:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-19 23:23 . 2009-03-19 23:23 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-03-19 23:23 . 2009-03-19 23:23 <DIR> d-------- c:\programdata\WindowsSearch
2009-03-19 12:56 . 2009-03-19 13:05 <DIR> d-------- c:\users\Tobi\AppData\Roaming\Roxio
2009-03-14 18:28 . 2009-03-14 18:28 <DIR> d-------- c:\program files\Xvid
2009-03-14 18:28 . 2008-04-27 11:33 765,952 --a------ c:\windows\System32\xvidcore.dll
2009-03-14 18:28 . 2008-04-27 11:35 180,224 --a------ c:\windows\System32\xvidvfw.dll
2009-03-14 18:28 . 2007-06-28 19:55 77,824 --a------ c:\windows\System32\xvid.ax
2009-03-11 13:47 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 13:47 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 13:47 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 13:47 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 13:47 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 13:47 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 12:39 . 2009-03-10 12:39 <DIR> d-------- c:\users\Tobi\Program Files
2009-03-10 10:10 . 2009-03-10 10:10 <DIR> d-------- c:\program files\directx
2009-03-10 10:07 . 2009-03-10 10:07 <DIR> d-------- c:\program files\Rockstar Games
2009-03-10 09:59 . 2009-04-02 17:44 <DIR> d-------- c:\users\Tobi\AppData\Roaming\DNA
2009-03-10 09:59 . 2009-03-10 10:00 <DIR> d-------- c:\program files\DNA
2009-03-06 22:36 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-06 22:36 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-06 22:36 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-06 22:36 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-06 22:36 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-06 22:36 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-06 22:36 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-06 22:36 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-06 22:24 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-06 22:24 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-06 22:24 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-06 22:24 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-06 22:23 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 18:40 --------- d-----w c:\program files\ICQ6
2009-03-26 20:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 09:11 --------- d-----w c:\users\Tobi\AppData\Roaming\Skype
2009-03-19 23:45 --------- d-----w c:\program files\ICQToolbar
2009-03-19 11:47 --------- d-----w c:\programdata\Roxio
2009-03-19 10:56 --------- d-----w c:\programdata\Sonic
2009-03-15 19:14 --------- d-----w c:\users\Tobi\AppData\Roaming\ICQ
2009-03-12 07:41 --------- d-----w c:\users\Tobi\AppData\Roaming\Tobit
2009-03-12 07:41 --------- d-----w c:\program files\Tobit ClipInc
2009-03-12 07:25 --------- d-----w c:\program files\Windows Mail
2009-03-01 13:24 --------- d-----w c:\program files\TVAnts
2009-02-03 09:09 --------- d-----w c:\users\Tobi\AppData\Roaming\GTek
2009-02-03 09:09 --------- d-----w c:\program files\HP
2009-02-03 09:08 --------- d-----w c:\program files\Hewlett-Packard
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-28 17:45 174 --sha-w c:\program files\desktop.ini
2006-11-10 09:49 51,712 ----a-w c:\program files\vpnclient_jp.mst
2006-11-10 09:49 1,073 ----a-w c:\program files\sig.dat
2006-11-10 09:49 1,022 ----a-w c:\program files\vpnclient_setup.ini
2006-11-10 09:48 857 ----a-w c:\program files\vpnclient_setup.sms
2006-11-10 09:48 8,256,512 ----a-w c:\program files\vpnclient_setup.msi
2006-11-10 09:48 657 ----a-w c:\program files\vpnclient_setup.pdf
2006-11-10 09:48 51,200 ----a-w c:\program files\vpnclient_fc.mst
2006-11-10 09:48 50,688 ----a-w c:\program files\vpnclient_setup.exe
2006-11-10 09:48 1,822,520 ----a-w c:\program files\instmsiw.exe
2006-11-10 09:48 1,708,856 ----a-w c:\program files\instmsi.exe
2006-11-10 09:46 217,220 ----a-w c:\program files\installservice.exe
2006-11-10 09:45 16,506 ----a-w c:\program files\DelayInst.exe
2007-06-13 09:22 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-06-13 09:22 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-06-13 09:22 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-14 20034600]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"BitTorrent DNA"="c:\users\Tobi\Program Files\DNA\btdna.exe" [2009-03-10 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-20 77824]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 126976]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-05-05 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"msacm.l3codec"= c:\windows\system32\l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{49E45EF2-D93D-4132-8D71-763E54460CF4}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{080FEF26-3548-445F-9141-3F78AD33ABF2}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{9A4CA9E4-1501-4AA4-94F9-7963852FE3A7}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{2E4ED815-BC51-4004-B146-E9D24E237B7C}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{962764AB-D474-41D5-AA8C-6A191970F417}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{18A35116-A741-4541-B788-904E9ECDBA2D}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EE3DB790-9E11-44E7-ABC4-0A6981C8838F}"= UDP:c:\program files\Common Files\AOL\1172938648\ee\aolsoftware.exe:AOL Services
"{25C7F3AB-D6C8-4A3B-A8AD-AE1C93C76A0A}"= TCP:c:\program files\Common Files\AOL\1172938648\ee\aolsoftware.exe:AOL Services
"{F3C41823-51EF-44EE-AEF3-D2EB63CA578D}"= UDP:c:\program files\Common Files\AOL\1172938648\ee\aim6.exe:AIM
"{079AD4DC-2ECE-491C-AFDE-0A02D09C18F0}"= TCP:c:\program files\Common Files\AOL\1172938648\ee\aim6.exe:AIM
"TCP Query User{1EA279A4-FF13-4E53-8B67-9530217D6E19}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{1EDCAF72-18AE-4114-894C-14A9A882B648}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"TCP Query User{277C3C3C-B326-4AF4-A5F7-A85EC8AC50CE}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"UDP Query User{590C4C37-F8E7-4BBB-9380-D0091712DCBF}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"TCP Query User{796981A1-4FE7-45BF-9B8E-4B82431D17E9}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{4E9BA32E-93DE-40E0-B71C-F1A8DC6095A0}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{5F7FECA8-A6E5-4631-A3D1-6DA8B41E86F5}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{462C5195-8BE6-4E72-8577-FB5C98B1EAF1}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{29F62DB6-5805-4328-AE82-55FBBFDA3851}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CE1D5629-CF19-4A55-9FF6-930EDF8B45D4}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2185A180-B8BD-4992-83BF-4644383333D4}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{54C77FE1-34AB-44A4-B096-344EDD362CC5}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{F71A0607-CF5B-442E-96D0-E84D6A848807}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{5281BE21-8E11-4CAE-8EF9-436DF8C9FD83}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{A52CDDF2-A290-4F96-9068-B020151DAAB2}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{090911AB-BAA4-4AF5-8CA4-AF1CE8340C0C}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{CB1C4829-222A-487E-9293-C512D70E53FE}"= UDP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{2D3E1603-29CC-476F-9C82-2DDD31C9D8A2}"= TCP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{066BE04F-3B2B-4774-9D9E-35D0F4B14C1D}"= UDP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{3F981D73-FCA8-4762-B1D3-0D2A18757C04}"= TCP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{DB25DDEE-9E6F-4953-9212-5235AEBFA3DA}"= UDP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{A9E90FBF-CD39-4623-89FA-C0715BA04A03}"= TCP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{375F7588-8CC1-45E9-B9DF-74CDA548288C}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{DEE0BA03-9966-496D-93E6-87E4E1B6C2C9}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{C808A0B8-CB76-47A3-A698-081D52537CB5}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{6A27EB5E-B89B-4252-84F1-E0105F09A484}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{F77BAB9A-952C-4821-9860-A304CCDF24EC}"= UDP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{FAC50B3A-C33C-494D-9958-4E067F060A70}"= TCP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{E2A520F3-024C-489B-B9C8-E7AF97CF19A8}"= UDP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{87318659-CB2D-419A-9338-84B75F93D39D}"= TCP:Profile=Private|Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"TCP Query User{7869CC0D-C084-42CD-9F1C-EF0D255F0BD4}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{BB3F735D-1532-44CD-B5FC-4C394AAAEB5E}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{297FBEB6-178B-4A3D-8EFB-61D805092BE6}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{68D4D074-D731-4097-A4CB-CE1BE44FAF1E}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{2607ED34-9CEF-404D-9CB4-10EB4022C35F}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{CF190517-F9C7-4603-A895-2AADE8D32F2E}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"{FB40BF6D-D1A3-4FC5-A921-FA9FA75854F0}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{AC80F7A7-374C-4E9E-ABA7-0A3BC5E5CEAA}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{8FEDA6E5-186B-425D-BF4C-744B063C6884}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{071C0685-8C28-43DF-B894-72E2B1DCC8A0}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{74FE8B59-73E2-4942-8349-6A28900AF1BD}"= UDP:c:\program files\Midway Games\Rise and Fall\RiseAndFall.exe:Rise and Fall: Civilizations at War
"{EC9DEE77-4313-4775-9EFD-FA0D03EFFFBF}"= TCP:c:\program files\Midway Games\Rise and Fall\RiseAndFall.exe:Rise and Fall: Civilizations at War

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-20 1153368]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37e9f122-4e86-11dd-8b97-001636f1d0ca}]
\shell\AutoRun\command - F:\CDStart.exe
.
Inhalt des "geplante Tasks" Ordners

2009-04-02 c:\windows\Tasks\User_Feed_Synchronization-{2E5BA939-A954-436A-897D-964E4F840507}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.freemail.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = www-cache.uni-mannheim.de:3128
uInternet Settings,ProxyOverride = *.uni-mannheim.de;10.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 17:45:13
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-04-02 17:48:01
ComboFix-quarantined-files.txt 2009-04-02 15:47:56

Vor Suchlauf: 22 Verzeichnis(se), 71.688.208.384 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 71,785,021,440 Bytes frei

227 --- E O F --- 2009-03-31 15:23:55


And here's the new HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:51, on 03.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freemail.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.uni-mannheim.de:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.uni-mannheim.de;10.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9207 bytes