
painfully slow pc...

Discussion in 'Virus & Other Malware Removal' started by amar66, Feb 15, 2010.

  1. amar66

    amar66 Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    77
    Hello gang, I hope someone can help. I haven't added any new programs recently; I keep my machine clean with all sorts of protective gear.
    Thanks a lot for your help.
    Here's my logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:23:17, on 15.02.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Ahead\InCD\InCDsrv.exe
    C:\Programme\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programme\AVG\AVG9\avgchsvx.exe
    C:\Programme\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVG\AVG9\avgcsrvx.exe
    C:\Programme\Creative\Shared Files\CTAudSvc.exe
    C:\Programme\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Programme\AVG\AVG9\avgwdsvc.exe
    C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\Programme\Logitech\MouseWare\system\em_exec.exe
    C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\imapi.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\Ahead\InCD\InCD.exe
    C:\Programme\IObit\IObit Security 360\IS360tray.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Programme\uTorrent\uTorrent.exe
    C:\Programme\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\Programme\SpywareGuard\sgmain.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\AVG\AVG9\avgnsx.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Programme\SpywareGuard\sgbhp.exe
    C:\Programme\PeerGuardian2\pg2.exe
    C:\Programme\IObit\IObit Security 360\is360.exe
    C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    C:\Programme\IObit\Advanced SystemCare 3\AWC.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Programme\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Programme\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [SmartRAM] "C:\Programme\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe
    O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218935793750
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1254230751765
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC95A30-EC2B-4CBB-BF8F-F3FD6F5E3969}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

    --
    End of file - 10042 bytes
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,688
    Hiya

    Are you still having this problem? If so, do the following:


    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Download RootRepeal from one of the following locations and save it to your desktop:
    • Double click RootRepeal.exe to start the program
    • Click on the Report tab at the bottom of the program window
    • Click the Scan button
    • In the Select Scan dialog, check:

      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
      • Shadow SSDT
    • Click the OK button
    • In the next dialog, select all drives showing
    • Click OK to start the scan
      Note: The scan can take some time. DO NOT run any other programs while the scan is running
    • When the scan is complete, click the Save Report button and save the report to your Desktop as RootRepeal.txt
    • Go to File, then Exit to close the program
    If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
    Click on the Go Advanced button for the uploading options at the bottom of this page.

    • In there, at the bottom, click on the button Manage Attachments.
    • A window will appear, and then Browse to RootRepeal.txt on your Desktop.
    • Click Upload, and when uploaded click Close this Window
    • Then, in the previous window, click on Add Reply



    Please include the MBAM log, SAS log, RootRepeal.txt and a fresh HijackThis log in your next reply

    Regards

    eddie
     
  3. amar66

    amar66 Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    77
    wow, I finally got to it all, here it is:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3805
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    28.02.2010 11:45:51
    mbam-log-2010-02-28 (11-45-50).txt

    Scan type: Quick Scan
    Objects scanned: 118010
    Time elapsed: 38 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/28/2010 at 04:05 PM

    Application Version : 4.34.1000

    Core Rules Database Version : 4624
    Trace Rules Database Version: 2436

    Scan type : Complete Scan
    Total Scan Time : 04:06:57

    Memory items scanned : 535
    Memory threats detected : 0
    Registry items scanned : 6108
    Registry threats detected : 0
    File items scanned : 55031
    File threats detected : 1

    Adware.Tracking Cookie
    C:\Dokumente und Einstellungen\Amar\Cookies\[email protected][2].txt




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:33:36, on 28.02.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Ahead\InCD\InCDsrv.exe
    C:\Programme\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programme\AVG\AVG9\avgchsvx.exe
    C:\Programme\AVG\AVG9\avgrsx.exe
    C:\Programme\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Creative\Shared Files\CTAudSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Programme\Logitech\MouseWare\system\em_exec.exe
    C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Programme\Ahead\InCD\InCD.exe
    C:\Programme\IObit\IObit Security 360\IS360tray.exe
    C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Programme\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\Programme\SpywareGuard\sgmain.exe
    C:\Programme\AVG\AVG9\avgwdsvc.exe
    C:\Programme\AVG\AVG9\avgnsx.exe
    C:\Programme\SpywareGuard\sgbhp.exe
    C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programme\IObit\IObit Security 360\is360.exe
    C:\Programme\uTorrent\uTorrent.exe
    C:\Programme\VideoLAN\VLC\vlc.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Programme\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Programme\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [SmartRAM] "C:\Programme\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe
    O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218935793750
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1254230751765
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC95A30-EC2B-4CBB-BF8F-F3FD6F5E3969}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Google Update Service (gupdate1c9aba676746952) (gupdate1c9aba676746952) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

    --
    End of file - 10257 bytes
     

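The two HijackThis logs in this thread (15.02.2010 and 28.02.2010) differ only by a per-user Google Update autorun and its matching service, and the thread compares them by eye. The script below is an added example, not code from the thread, from Trend Micro or from any of the tools named here: it parses HJT entries, diffs two logs, and flags the items a reviewer would check first. The embedded log excerpts are abridged copies of entries posted above; the flagging rules (orphaned "(no file)" hooks, O23 services with no publisher string, autostarts launched from a user profile directory, O17 NameServer values outside private ranges) are this example's own heuristics, not anything HijackThis itself does.

```python
"""Added example: parse HijackThis 2.x logs, diff two of them and flag entries
worth a second look.  Not part of the original thread; the log excerpts are
constructed from the entries posted above and abridged to what is used here."""
import ipaddress
import re

# Constructed excerpt of the 15.02.2010 log.
LOG_FEB15 = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [uTorrent] "C:\Programme\uTorrent\uTorrent.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC95A30-EC2B-4CBB-BF8F-F3FD6F5E3969}: NameServer = 192.168.1.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
"""

# Constructed excerpt of the 28.02.2010 log: the same entries plus the two
# Google Update items that appeared between the two scans (both benign; the
# diff shows what a reviewer compares, not a verdict).
LOG_FEB28 = LOG_FEB15 + r"""
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Google Update Service (gupdate1c9aba676746952) (gupdate1c9aba676746952) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
"""

# An HJT entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Path fragments (lower-cased) that place a binary inside a user profile.
USER_PROFILE_MARKERS = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\users\\")


def parse_hjt(text):
    """Return the HJT entries of a log as (section, body) tuples, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def diff_logs(old_text, new_text):
    """Entries present only in the new log, and entries present only in the old one."""
    old, new = set(parse_hjt(old_text)), set(parse_hjt(new_text))
    return sorted(new - old), sorted(old - new)


def flag_entry(section, body):
    """Heuristic review prompts for one entry (this example's rules, not HJT's)."""
    reasons = []
    low = body.lower()
    if "(no file)" in low:
        reasons.append("orphaned: registry entry points at a file that no longer exists")
    if section == "O23" and "unknown owner" in low:
        reasons.append("service with no publisher string: verify the binary's signature or hash")
    if section in ("O2", "O4", "O20", "O23") and any(m in low for m in USER_PROFILE_MARKERS):
        reasons.append("autostart from a user profile directory: normal for per-user updaters, common for malware")
    if section == "O17":
        m = re.search(r"NameServer\s*=\s*([\d.,]+)", body)
        if m:
            for ip in m.group(1).split(","):
                if not ipaddress.ip_address(ip).is_private:
                    reasons.append(f"DNS server {ip} is not on a private network: possible DNS hijack")
    return reasons


def triage(text):
    """Map each flagged (section, body) entry to its reasons; unflagged entries are omitted."""
    out = {}
    for section, body in parse_hjt(text):
        reasons = flag_entry(section, body)
        if reasons:
            out[(section, body)] = reasons
    return out


if __name__ == "__main__":
    added, removed = diff_logs(LOG_FEB15, LOG_FEB28)
    print(f"{len(added)} new entries, {len(removed)} removed entries between the two logs")
    for section, body in added:
        print("  +", section, body)
    for (section, body), reasons in triage(LOG_FEB28).items():
        print(section, body[:72])
        for r in reasons:
            print("    ->", r)
```

Run it as-is to see the diff and the flags; paste two complete logs into the strings to review a real pair. A flag is a prompt to look, not a verdict: the Google Update autorun is flagged only because it runs from the user profile, which is exactly where malware also likes to live, and the "ATI Smart" service is flagged because HijackThis could not read a publisher from it, which is a reason to check the file's signature rather than to delete it.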
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,688
    No problem :)


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  5. amar66

    amar66 Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    77
    ComboFix 10-03-03.03 - Amar 03.03.2010 23:21:27.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.41.1031.18.1023.577 [GMT 1:00]
    Running from: c:\dokumente und einstellungen\Amar\Eigene Dateien\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\Vbshell.tlb
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 ))))))))))))))))))))))))))))))
    .

    2010-03-03 22:15 . 2010-03-03 22:15 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
    2010-02-07 12:54 . 2010-03-02 19:56 -------- d-----w- c:\dokumente und einstellungen\Amar\Anwendungsdaten\vlc
    2010-02-04 20:09 . 2010-02-04 20:15 -------- d-----w- C:\protowall

    .
    (((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-03 22:32 . 2008-08-17 09:22 -------- d-----w- c:\dokumente und einstellungen\Amar\Anwendungsdaten\uTorrent
    2010-03-03 22:28 . 2008-08-17 19:41 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-03-03 22:27 . 2008-09-09 12:19 -------- d-----w- c:\programme\PeerGuardian2
    2010-02-28 10:09 . 2009-12-27 11:24 117760 ----a-w- c:\dokumente und einstellungen\Amar\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-28 10:08 . 2009-12-27 11:21 -------- d-----w- c:\programme\SUPERAntiSpyware
    2010-02-24 11:56 . 2008-08-17 09:22 -------- d-----w- c:\programme\uTorrent
    2010-02-20 09:56 . 2008-08-17 20:41 2402840 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Drivers Headquarters\Driver Detective\Downloads\infinst_autol.exe
    2010-02-15 21:49 . 2008-08-17 08:55 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
    2010-01-30 10:42 . 2009-05-17 18:53 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
    2010-01-30 10:42 . 2009-05-17 18:50 -------- d-----w- c:\programme\SpywareBlaster
    2010-01-22 18:02 . 2008-08-17 09:12 -------- d-----w- c:\programme\Mozilla Thunderbird
    2010-01-17 00:29 . 2010-01-17 00:28 -------- d-----r- c:\programme\Skype
    2010-01-17 00:29 . 2010-01-17 00:29 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
    2010-01-17 00:28 . 2008-08-17 08:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
    2010-01-16 23:54 . 2008-08-17 17:25 -------- d-----w- c:\programme\QuickTime
    2010-01-16 23:54 . 2010-01-16 23:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
    2010-01-16 23:52 . 2010-01-16 23:52 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
    2010-01-16 23:52 . 2010-01-16 23:52 -------- d-----w- c:\programme\Apple Software Update
    2010-01-16 23:52 . 2010-01-16 23:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
    2010-01-16 23:41 . 2008-08-17 09:12 -------- d-----w- c:\dokumente und einstellungen\Amar\Anwendungsdaten\Thunderbird
    2010-01-16 23:36 . 2009-01-15 18:27 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe AIR
    2010-01-16 23:36 . 2009-11-15 10:42 38784 ----a-w- c:\dokumente und einstellungen\Default User\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-01-16 23:14 . 2010-01-16 23:14 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative
    2010-01-16 23:11 . 2008-08-17 01:13 -------- d--h--w- c:\programme\InstallShield Installation Information
    2010-01-16 23:11 . 2010-01-16 23:11 -------- d-----w- c:\programme\Gemeinsame Dateien\Creative Labs Shared
    2010-01-16 23:09 . 2009-06-01 14:05 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-01-16 23:09 . 2008-08-17 20:36 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-01-16 23:03 . 2010-01-16 23:01 39451456 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Drivers Headquarters\Driver Detective\Downloads\SBAX_PCDRV_LB_2_18_0011.exe
    2010-01-16 22:29 . 2009-01-12 21:12 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
    2010-01-16 22:28 . 2009-01-15 19:29 5115824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-16 15:10 . 2009-03-07 15:02 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
    2010-01-16 15:10 . 2009-03-07 15:02 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
    2010-01-09 19:56 . 2008-08-17 19:36 -------- d-----w- c:\programme\Gemeinsame Dateien\Logitech
    2010-01-09 17:04 . 2009-07-24 16:44 862040 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\threatwork.exe
    2010-01-09 17:04 . 2009-07-24 16:43 206944 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\lavamessage.dll
    2010-01-09 17:04 . 2009-07-24 16:43 390288 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\lavalicense.dll
    2010-01-09 17:04 . 2009-10-24 15:54 537576 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\aawapi.dll
    2010-01-09 17:04 . 2009-07-24 16:43 370744 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\UpdateManager.dll
    2010-01-09 17:04 . 2010-01-09 17:04 -------- dc----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
    2010-01-09 17:04 . 2009-07-24 16:43 194104 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\Savapibridge.dll
    2010-01-09 17:02 . 2009-07-24 16:43 6296864 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\Resources.dll
    2010-01-09 17:02 . 2009-07-24 16:43 933120 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\CEAPI.dll
    2010-01-09 17:02 . 2009-07-24 16:42 816272 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
    2010-01-09 17:01 . 2009-07-24 16:42 822904 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
    2010-01-09 17:01 . 2009-07-24 16:42 1643272 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\Ad-Aware.exe
    2010-01-09 17:00 . 2009-07-24 16:42 788880 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\AAWTray.exe
    2010-01-09 17:00 . 2009-07-24 16:41 1181328 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\update\AAWService.exe
    2010-01-09 13:38 . 2010-01-09 13:38 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\IObit
    2010-01-09 13:38 . 2009-10-29 20:57 -------- d-----w- c:\programme\IObit
    2010-01-09 13:19 . 2008-08-17 09:34 -------- d-----w- c:\programme\GoldWave
    2010-01-09 13:05 . 2010-01-09 12:16 -------- d-----w- c:\dokumente und einstellungen\Amar\Anwendungsdaten\IObit
    2010-01-07 21:26 . 2010-01-07 21:25 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WinZip
    2010-01-07 15:07 . 2009-01-12 21:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 15:07 . 2009-01-12 21:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-03 10:34 . 2009-12-27 11:24 52224 ----a-w- c:\dokumente und einstellungen\Amar\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-31 16:50 . 2003-07-21 21:13 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-22 05:07 . 2003-07-21 21:18 672768 ----a-w- c:\windows\system32\wininet.dll
    2009-12-22 05:07 . 2004-08-04 07:57 81920 ------w- c:\windows\system32\ieencode.dll
    2009-12-17 07:40 . 2008-08-17 00:29 346624 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2003-07-21 20:52 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-12 14:08 . 2003-07-21 21:08 448470 ----a-w- c:\windows\system32\perfh007.dat
    2009-12-12 14:08 . 2003-07-21 21:08 79910 ----a-w- c:\windows\system32\perfc007.dat
    2009-12-04 18:22 . 2003-07-21 21:01 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .

    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "uTorrent"="c:\programme\uTorrent\uTorrent.exe" [2010-02-23 319280]
    "SmartRAM"="c:\programme\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
    "Google Update"="c:\dokumente und einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "CTSysVol"="c:\programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
    "CTDVDDet"="c:\programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "Ad-Watch"="c:\programme\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-09 788880]
    "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-03 61440]
    "CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
    "InCD"="c:\programme\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
    "IObit Security 360"="c:\programme\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
    "SmartDefrag"="c:\programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-11-24 2156816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\dokumente und einstellungen\Amar\Startmen\Programme\Autostart\
    Secunia PSI.lnk - c:\programme\Secunia\PSI\psi.exe [2009-6-24 803176]
    SpywareGuard.lnk - c:\programme\SpywareGuard\sgmain.exe [2003-8-29 360448]

    c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
    BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2003-8-14 499773]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-10-25 10:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Amar^Startmenü^Programme^Autostart^Secunia PSI.lnk]
    path=c:\dokumente und einstellungen\Amar\Startmenü\Programme\Autostart\Secunia PSI.lnk
    backup=c:\windows\pss\Secunia PSI.lnkStartup

    [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Amar^Startmenü^Programme^Autostart^Verknüpfung mit ram.lnk]
    path=c:\dokumente und einstellungen\Amar\Startmenü\Programme\Autostart\Verknüpfung mit ram.lnk
    backup=c:\windows\pss\Verknüpfung mit ram.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-12-11 14:57 948672 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    2010-01-01 11:44 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 02:22 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2009-06-23 10:48 19456 ----a-w- c:\windows\system32\CtHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2006-08-11 12:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    2006-05-22 11:26 694272 ----a-w- c:\programme\dvd43\DVD43_Tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-09-02 20:47 133104 ----atw- c:\dokumente und einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
    2009-12-24 16:02 1280272 ----a-w- c:\programme\IObit\IObit Security 360\is360tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2008-08-14 15:15 2407184 ----a-w- c:\programme\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-02-20 13:22 4363504 ----a-w- c:\programme\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 14:44 3883856 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 00:54 417792 ----a-w- c:\programme\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 12:11 25623336 ----a-r- c:\programme\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 --sha-r- c:\programme\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 03:17 149280 ----a-w- c:\programme\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-02-28 10:08 2012912 ----a-w- c:\programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-02-23 18:04 319280 ----a-w- c:\programme\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "gupdate1c9aba676746952"=2 (0x2)
    "CCALib8"=2 (0x2)
    "avg9emc"=2 (0x2)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "IS360service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programme\\uTorrent\\uTorrent.exe"=
    "c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Programme\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Programme\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Programme\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Programme\\Skype\\Phone\\Skype.exe"=

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07.01.2009 22:39 20744]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22.01.2009 11:06 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17.08.2008 10:00 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17.08.2008 10:00 360584]
    R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\SASDIFSV.SYS [16.12.2009 16:26 12872]
    R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [16.12.2009 16:26 66632]
    R2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [25.10.2009 11:19 285392]
    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [27.07.2005 16:25 14080]
    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [27.07.2005 16:25 36352]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [23.06.2009 13:34 99352]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [23.06.2009 13:34 555032]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [23.06.2009 13:34 566296]
    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [27.07.2005 16:25 77056]
    S2 gupdate1c9aba676746952;Google Update Service (gupdate1c9aba676746952);c:\programme\Google\Update\GoogleUpdate.exe [23.03.2009 11:59 133104]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07.12.2008 11:44 30088]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [23.06.2009 13:34 99352]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [17.01.2010 00:11 79360]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [23.06.2009 13:34 555032]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [23.06.2009 13:35 100888]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [23.06.2009 13:35 100888]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [23.06.2009 13:34 566296]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [07.03.2009 16:02 13224]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02.07.2008 13:58 26248]
    S3 ProtoWall;ProtoWall Defender;c:\windows\system32\drivers\ProtoWall.sys [28.01.2004 15:35 21376]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.06.2009 13:20 12648]
    S3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [16.12.2009 16:27 12872]
    S4 avg9emc;AVG Free E-mail Scanner;c:\programme\AVG\AVG9\avgemc.exe [25.10.2009 11:20 906520]
    S4 IS360service;IS360service;c:\programme\IObit\IObit Security 360\is360srv.exe [09.01.2010 14:38 311568]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [24.09.2009 12:17 1181328]
    .
    Inhalt des "geplante Tasks" Ordners

    2010-02-27 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-03-02 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-02-13 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programme\Google\Update\GoogleUpdate.exe [2009-03-23 10:59]

    2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programme\Google\Update\GoogleUpdate.exe [2009-03-23 10:59]

    2010-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-73586283-682003330-1004Core.job
    - c:\dokumente und einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2008-09-02 20:47]

    2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-73586283-682003330-1004UA.job
    - c:\dokumente und einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2008-09-02 20:47]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: {7EC95A30-EC2B-4CBB-BF8F-F3FD6F5E3969} = 192.168.1.1
    FF - ProfilePath - c:\dokumente und einstellungen\Amar\Anwendungsdaten\Mozilla\Firefox\Profiles\nmw2jpk6.Amar\
    FF - prefs.js: browser.startup.homepage - hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=9b0qk398mciak
    FF - component: c:\programme\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\programme\eMusic Download Manager\plugin\npemusic.dll
    FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\programme\Mozilla Firefox\plugins\npmusicn.dll
    FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX Richtlinien ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -

    AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\Amar\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-03 23:29
    Windows 5.1.2600 Service Pack 3 NTFS

    Scanne versteckte Prozesse...

    Scanne versteckte Autostarteinträge...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?

    Scanne versteckte Dateien...

    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------

    - - - - - - - > 'winlogon.exe'(800)
    c:\programme\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(7836)
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\programme\Logitech\MouseWare\System\LgWndHk.dll
    c:\windows\system32\SSSensor.dll
    c:\programme\Gemeinsame Dateien\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\programme\ArcSoft\PhotoImpression 5\share\pihook.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\programme\Ahead\InCD\InCDsrv.exe
    c:\programme\Sygate\SPF\smc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\programme\AVG\AVG9\avgchsvx.exe
    c:\programme\AVG\AVG9\avgrsx.exe
    c:\programme\Creative\Shared Files\CTAudSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\programme\AVG\AVG9\avgcsrvx.exe
    c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\windows\system32\CTsvcCDA.exe
    c:\programme\AVG\AVG9\avgnsx.exe
    c:\windows\system32\imapi.exe
    c:\programme\Java\jre6\bin\jqs.exe
    c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\rundll32.exe
    c:\programme\Logitech\MouseWare\system\em_exec.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2010-03-03 23:37:32 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2010-03-03 22:37
    ComboFix2.txt 2009-01-13 23:00

    Vor Suchlauf: 19 Verzeichnis(se), 52'634'542'080 Bytes frei
    Nach Suchlauf: 22 Verzeichnis(se), 52'610'818'048 Bytes frei

    - - End Of File - - E21D7C5BC820DCDD159B7F6C78D5BEEF
     
    2009-12-22 05:07 . 2003-07-21 21:18 672768 ----a-w- c:\windows\system32\wininet.dll
    2009-12-22 05:07 . 2004-08-04 07:57 81920 ------w- c:\windows\system32\ieencode.dll
    2009-12-17 07:40 . 2008-08-17 00:29 346624 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2003-07-21 20:52 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-12 14:08 . 2003-07-21 21:08 448470 ----a-w- c:\windows\system32\perfh007.dat
    2009-12-12 14:08 . 2003-07-21 21:08 79910 ----a-w- c:\windows\system32\perfc007.dat
    2009-12-04 18:22 . 2003-07-21 21:01 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .

    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "uTorrent"="c:\programme\uTorrent\uTorrent.exe" [2010-02-23 319280]
    "SmartRAM"="c:\programme\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
    "Google Update"="c:\dokumente und einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "CTSysVol"="c:\programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
    "CTDVDDet"="c:\programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "Ad-Watch"="c:\programme\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-09 788880]
    "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-03 61440]
    "CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
    "InCD"="c:\programme\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
    "IObit Security 360"="c:\programme\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
    "SmartDefrag"="c:\programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-11-24 2156816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\dokumente und einstellungen\Amar\Startmen\Programme\Autostart\
    Secunia PSI.lnk - c:\programme\Secunia\PSI\psi.exe [2009-6-24 803176]
    SpywareGuard.lnk - c:\programme\SpywareGuard\sgmain.exe [2003-8-29 360448]

    c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
    BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2003-8-14 499773]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-10-25 10:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Amar^Startmenü^Programme^Autostart^Secunia PSI.lnk]
    path=c:\dokumente und einstellungen\Amar\Startmenü\Programme\Autostart\Secunia PSI.lnk
    backup=c:\windows\pss\Secunia PSI.lnkStartup

    [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Amar^Startmenü^Programme^Autostart^Verknüpfung mit ram.lnk]
    path=c:\dokumente und einstellungen\Amar\Startmenü\Programme\Autostart\Verknüpfung mit ram.lnk
    backup=c:\windows\pss\Verknüpfung mit ram.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-12-11 14:57 948672 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    2010-01-01 11:44 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 02:22 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2009-06-23 10:48 19456 ----a-w- c:\windows\system32\CtHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2006-08-11 12:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    2006-05-22 11:26 694272 ----a-w- c:\programme\dvd43\DVD43_Tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-09-02 20:47 133104 ----atw- c:\dokumente und einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
    2009-12-24 16:02 1280272 ----a-w- c:\programme\IObit\IObit Security 360\is360tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2008-08-14 15:15 2407184 ----a-w- c:\programme\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-02-20 13:22 4363504 ----a-w- c:\programme\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 14:44 3883856 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 00:54 417792 ----a-w- c:\programme\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 12:11 25623336 ----a-r- c:\programme\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 --sha-r- c:\programme\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 03:17 149280 ----a-w- c:\programme\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-02-28 10:08 2012912 ----a-w- c:\programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-02-23 18:04 319280 ----a-w- c:\programme\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "gupdate1c9aba676746952"=2 (0x2)
    "CCALib8"=2 (0x2)
    "avg9emc"=2 (0x2)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "IS360service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programme\\uTorrent\\uTorrent.exe"=
    "c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Programme\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Programme\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Programme\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Programme\\Skype\\Phone\\Skype.exe"=

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07.01.2009 22:39 20744]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22.01.2009 11:06 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17.08.2008 10:00 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17.08.2008 10:00 360584]
    R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\SASDIFSV.SYS [16.12.2009 16:26 12872]
    R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [16.12.2009 16:26 66632]
    R2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [25.10.2009 11:19 285392]
    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [27.07.2005 16:25 14080]
    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [27.07.2005 16:25 36352]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [23.06.2009 13:34 99352]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [23.06.2009 13:34 555032]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [23.06.2009 13:34 566296]
    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [27.07.2005 16:25 77056]
    S2 gupdate1c9aba676746952;Google Update Service (gupdate1c9aba676746952);c:\programme\Google\Update\GoogleUpdate.exe [23.03.2009 11:59 133104]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07.12.2008 11:44 30088]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [23.06.2009 13:34 99352]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [17.01.2010 00:11 79360]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [23.06.2009 13:34 555032]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [23.06.2009 13:35 100888]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [23.06.2009 13:35 100888]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [23.06.2009 13:34 566296]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [07.03.2009 16:02 13224]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02.07.2008 13:58 26248]
    S3 ProtoWall;ProtoWall Defender;c:\windows\system32\drivers\ProtoWall.sys [28.01.2004 15:35 21376]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.06.2009 13:20 12648]
    S3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [16.12.2009 16:27 12872]
    S4 avg9emc;AVG Free E-mail Scanner;c:\programme\AVG\AVG9\avgemc.exe [25.10.2009 11:20 906520]
    S4 IS360service;IS360service;c:\programme\IObit\IObit Security 360\is360srv.exe [09.01.2010 14:38 311568]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [24.09.2009 12:17 1181328]
    .
    Inhalt des "geplante Tasks" Ordners

    2010-02-27 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-03-02 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-02-13 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:01]

    2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programme\Google\Update\GoogleUpdate.exe [2009-03-23 10:59]

    2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programme\Google\Update\GoogleUpdate.exe [2009-03-23 10:59]

    2010-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-73586283-682003330-1004Core.job
    - c:\dokumente und einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2008-09-02 20:47]

    2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-73586283-682003330-1004UA.job
    - c:\dokumente und einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2008-09-02 20:47]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: {7EC95A30-EC2B-4CBB-BF8F-F3FD6F5E3969} = 192.168.1.1
    FF - ProfilePath - c:\dokumente und einstellungen\Amar\Anwendungsdaten\Mozilla\Firefox\Profiles\nmw2jpk6.Amar\
    FF - prefs.js: browser.startup.homepage - hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=9b0qk398mciak
    FF - component: c:\programme\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\programme\eMusic Download Manager\plugin\npemusic.dll
    FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\programme\Mozilla Firefox\plugins\npmusicn.dll
    FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX Richtlinien ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -

    AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\Amar\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-03 23:29
    Windows 5.1.2600 Service Pack 3 NTFS

    Scanne versteckte Prozesse...

    Scanne versteckte Autostarteinträge...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?

    Scanne versteckte Dateien...

    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------

    - - - - - - - > 'winlogon.exe'(800)
    c:\programme\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(7836)
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\programme\Logitech\MouseWare\System\LgWndHk.dll
    c:\windows\system32\SSSensor.dll
    c:\programme\Gemeinsame Dateien\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\programme\ArcSoft\PhotoImpression 5\share\pihook.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\programme\Ahead\InCD\InCDsrv.exe
    c:\programme\Sygate\SPF\smc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\programme\AVG\AVG9\avgchsvx.exe
    c:\programme\AVG\AVG9\avgrsx.exe
    c:\programme\Creative\Shared Files\CTAudSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\programme\AVG\AVG9\avgcsrvx.exe
    c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\windows\system32\CTsvcCDA.exe
    c:\programme\AVG\AVG9\avgnsx.exe
    c:\windows\system32\imapi.exe
    c:\programme\Java\jre6\bin\jqs.exe
    c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\rundll32.exe
    c:\programme\Logitech\MouseWare\system\em_exec.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2010-03-03 23:37:32 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2010-03-03 22:37
    ComboFix2.txt 2009-01-13 23:00

    Vor Suchlauf: 19 Verzeichnis(se), 52'634'542'080 Bytes frei
    Nach Suchlauf: 22 Verzeichnis(se), 52'610'818'048 Bytes frei

    - - End Of File - - E21D7C5BC820DCDD159B7F6C78D5BEEF
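As an added example (not part of this thread and not ComboFix's own code), a small Python triage pass over the REGEDIT4-style autostart section of the log above: it parses the `[key]` / `"name"=value [date size]` lines and flags the items a reviewer checks first (firewall policy, Security Center override, Run entries that are bare file names or live under the user profile). The sample input is copied from the log posted above; the flags are review hints to read alongside the installed third-party tools, not verdicts.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the ComboFix
# "Autostartpunkte der Registrierung" section above. The section is
# REGEDIT4-style: a [key] header, then "name"="value" [date size] entries.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\programme\uTorrent\uTorrent.exe" [2010-02-23 319280]
"Google Update"="c:\dokumente und einstellungen\Amar\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"InCD"="c:\programme\Ahead\InCD\InCD.exe" [2006-03-23 1398272]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
TRAILER_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d+\]$")  # trailing "[date size]"
# Per-user data directories as they are named on this German Windows XP
# (Application Data / Local Settings / Temp); lowercase for matching.
PROFILE_DIRS = ("\\anwendungsdaten\\", "\\lokale einstellungen\\", "\\temp\\")


@dataclass(frozen=True)
class Entry:
    key: str
    name: str
    value: str


@dataclass(frozen=True)
class Finding:
    entry: Entry
    reason: str


def parse_autostart(text: str) -> list[Entry]:
    """Collect "name"=value entries under their [key] header, dropping the
    [date size] trailer and the quotes around a quoted value."""
    entries: list[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        if key and (m := ENTRY_RE.match(line)):
            value = TRAILER_RE.sub("", m.group(2)).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            entries.append(Entry(key, m.group(1), value))
    return entries


def triage(text: str) -> list[Finding]:
    """Flag the settings and autostart shapes a reviewer looks at first."""
    findings: list[Finding] = []
    for e in parse_autostart(text):
        k, v = e.key.lower(), e.value.lower()
        if k.endswith("security center") and e.name == "AntiVirusOverride" and v.endswith("00000001"):
            findings.append(Finding(e, "Security Center antivirus status override is set"))
        elif k.endswith(r"firewallpolicy\standardprofile") and e.name == "EnableFirewall" and v.startswith("0"):
            findings.append(Finding(e, "Windows Firewall disabled for the standard profile"))
        elif k.endswith(r"currentversion\run"):
            if not re.match(r"^[a-z]:\\", v):
                # No drive letter: the image is located through the search path at logon.
                findings.append(Finding(e, "bare file name, resolved through the search path at logon"))
            elif any(d in v for d in PROFILE_DIRS):
                findings.append(Finding(e, "autostart image lives under a user profile data directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.name!r}: {f.reason}\n    {f.entry.value}")
```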
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,688
    Okay, firstly you may as well uninstall Spybot as it hasn't been updated in a long time. Also, can you uninstall IObit Security 360 as well?

    So, just go to AddRemove via the Control Panel and uninstall these two:

    Spybot - Search & Destroy
    IObit Security 360
    IObit SmartDefrag



    Then, can you do the following after you have done the above:


    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    You're looking for AVG 9.0, SPYWARE GUARD and Sygate Personal Firewall


    3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up appears press SAVE, choose Desktop in the list of selections in that window and press Save).

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Also, post a fresh HijackThis log.


    eddie
     

    Attached Files:

  8. amar66

    amar66 Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    77
    logs attached. thanks so much, was/is my machine infected?
     

    Attached Files:

  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,688
    That's looking a lot better :)

    IObit is a rogue program, which is also the main cause for slowness.

    I take it you uninstalled Spybot, as there is only one bit left to remove, that seemed to avoid uninstalling when you did it yourself.

    So, can you do this for me:

    Delete the CFScript.txt on your Desktop, then do the same as you did before, as in downloading the attached and running by dragging onto ComboFix, and post the log.

    eddie
     

    Attached Files:

  10. amar66

    amar66 Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    77
    sorry, am a bit thick it seems. the combofix log i've deleted, as you said. but what must I do now? :eek:
     
  11. amar66

    amar66 Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    77
    oh, now I see the script. strange. it wasn't there before. know what to do now. ;)
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,688
    No problem, this is what I want you to do :)

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    You're looking for AVG 9.0, SPYWARE GUARD and Sygate Personal Firewall


    3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up appears press SAVE, choose Desktop in the list of selections in that window and press Save)

    (overwriting the one you already have on your Desktop)

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply



    ========

    Hope that helps, any problems let me know :)

    eddie
     

    Attached Files:

  13. amar66

    amar66 Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    77
    am not sure what's wrong, but I did all you said, but when I drag the cfscript into the combofix-cat, the combofix goes into night-rider mode as it should (lamps), but then nothing at all happens..
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,688
    Hmmmm, another problem with ComboFix :(

    Okay, leave this for now, and let's look at the following program instead:


    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    eddie
     
  15. amar66

    amar66 Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    77
    thanks a lot for your help eddie. :)
    I deactivated all my security stuff, before scanning. here are the logs:
     

    Attached Files:

Short URL to this thread: https://techguy.org/903248
