Hallo,

seit heute kommt beim Start des Betriebsystems (Vista) immer folgende Fehlermeldung:

Fehler in C:\Users...............\Local\Temp\eqtotfla.dll
Folgender Eintrag fehlt:run

Sobald ich auch irgendwas im Explorer aufrufen will, verschwindet die ganze Taskleiste und die Desktop-Symbole, und werden neu geladen.

Hier mal mein Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:13:41, on 15.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.icq.com/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\BENEDI~1\AppData\Local\Temp\eqtotfla.dll",run
O4 - HKCU\..\Run: [e0f0a8be] rundll32.exe "C:\Users\BENEDI~1\AppData\Local\Temp\lajtwnpl.dll",b
O4 - HKCU\..\Run: [BMe3c39b22] Rundll32.exe "C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll",s
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4950BC7-034B-4163-9AC3-0868390F40CB}: NameServer = 213.191.92.86 62.109.123.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

--
End of file - 8281 bytes



Bin über jede Hilfe sehr sehr dankbar!

Hallo

mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag

Zitat:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\BENEDI~1\AppData\Local\Temp\eqtotfla.dll ",run

O4 - HKCU\..\Run: [e0f0a8be] rundll32.exe "C:\Users\BENEDI~1\AppData\Local\Temp\lajtwnpl.dll ",b

O4 - HKCU\..\Run: [BMe3c39b22] Rundll32.exe "C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll ",s

und wähle fix checked. + starte den Rechner neu.

2.
wende CCleaner an
CCleaner

3.
wende rvaxo an +poste den report
RVAXO

4.
wende Combofix an + poste den report
combofix

Hallo Sabina,

vielen Dank!!! der Fehler ging schon durch Löschen mit HijackThis weg.

rvaxo hat bei mir leider nicht funktioniert, also es kam leider kein Bericht.
Hier aber der log von combofix (da funktioniert aber leider das deinstallieren net):

ComboFix 08-03-17.1 - Benedikt Haag 2008-03-18 11:08:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.377 [GMT 1:00]
ausgeführt von:: C:\Users\Benedikt Haag\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-02-18 bis 2008-03-18 ))))))))))))))))))))))))))))))
.

Keine neuen Dateien erstellt in diesem Zeitraum

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 22:58 --------- d-----w C:\Program Files\DivX
2008-03-15 22:57 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-15 18:41 --------- d-----w C:\Program Files\CCleaner
2008-03-14 23:54 --------- d-----w C:\Program Files\Java
2008-03-14 23:43 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-14 23:43 --------- d-----w C:\Program Files\Common Files\Real
2008-03-14 23:35 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-14 23:35 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\skypePM
2008-03-14 23:35 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Skype
2008-03-14 23:35 --------- d-----w C:\Program Files\Skype
2008-03-14 23:35 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-14 23:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 23:16 --------- d-----w C:\Program Files\Trend Micro
2008-03-14 22:15 --------- d-----w C:\Program Files\Windows Mail
2008-03-14 14:48 --------- d-----w C:\Program Files\Avanquest update
2008-02-28 15:39 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-23 14:07 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\BitTorrent
2008-02-21 18:55 --------- d-----w C:\Program Files\iTunes
2008-02-21 18:55 --------- d-----w C:\Program Files\iPod
2008-02-21 18:54 --------- d-----w C:\Program Files\QuickTime
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\Windows\System32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\Windows\System32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\Windows\System32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-16 19:44 --------- d-----w C:\Program Files\SmartFTP Client
2008-02-16 19:43 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-02-13 12:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 12:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 12:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 12:11 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 12:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 12:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 12:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 10:23 --------- d-----w C:\Program Files\ICQ6
2008-02-11 20:09 --------- d-----w C:\Program Files\lg_swupdate
2008-02-11 19:54 1,111,344 ----a-w C:\Windows\System32\CS.dll
2008-02-10 21:07 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Ahead
2008-02-10 12:47 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Nero
2008-02-10 12:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-10 12:41 --------- d-----w C:\ProgramData\Nero
2008-02-10 12:41 --------- d-----w C:\Program Files\Nero
2008-01-29 11:27 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Pixum
2008-01-29 11:27 --------- d-----w C:\Program Files\Pixum AG
2008-01-18 19:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 19:28 --------- d-----w C:\ProgramData\BVRP Software
2008-01-18 19:10 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\InstallShield
2008-01-18 19:10 --------- d-----w C:\ProgramData\Sony Ericsson
2008-01-18 19:10 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-18 18:50 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Teleca
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-08 22:50 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-09-06 21:59 174 --sha-w C:\Program Files\desktop.ini
2007-07-20 09:17 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2007-11-20 17:14 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-20 17:14 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-20 17:14 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 23:50 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"BMe3c39b22"="C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll" [2008-03-14 14:25 90688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-20 17:54 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 12:37 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 14:50 4399104 C:\Windows\RtHDVCpl.exe]
"LG Magnifier"="C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2007-03-02 21:37 112184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 16:41 845360]
"KeybdUtility"="C:\Program Files\LG Software\On Screen Display\HotKey.exe" [2007-03-21 19:57 2655800]
"BatteryMiser 5"="C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe" [2007-02-22 10:56 337464]
"LG Intelligent Update"="C:\Program Files\lg_swupdate\giljabistart.exe" [2008-02-11 20:54 247088]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-01-31 14:40 131072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-01-31 14:40 151552]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-01-31 14:40 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 00:42 185896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\Windows\system32\bmpsap.dll [2006-12-11 14:58 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{690561C9-86F9-44A6-A214-9BC87CD12E22}"= UDP:C:\Program Files\Network Print Monitor\PSAdmin.exe:PSAdmin
"{934584AF-17FA-4F81-9E6B-4DD1C03BD978}"= TCP:C:\Program Files\Network Print Monitor\PSAdmin.exe:PSAdmin
"TCP Query User{2D5822DD-5A8F-49F3-8C3D-DB27964C02E8}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BD52A74B-5659-44FA-B37A-057CFB157CF7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BCEA0379-9E36-447B-A316-8C413C02C5A9}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D826CA92-5C26-4825-A557-402D8AB0DF51}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{B8FD8168-8912-4664-93B7-7E92BFC285E5}"= UDP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{AAB41056-DD61-43A5-ACBC-657E8C9356EC}"= TCP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"TCP Query User{C61D5CD2-3707-45F5-BB87-2A43ECD34A07}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A6B096D6-D42B-4EE7-ACC4-685CD8A740C9}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{90E2563D-3FB3-4BAD-917B-148791047197}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6F60DD3F-FD1B-497C-96FC-F0D20B246C5B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{DB7EADB7-27B5-448A-9C22-E47CA373315A}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A656EBAB-40FE-4FB7-B929-A969D6EFFDFB}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{B8912E75-48B6-43B1-B751-45E17412CDB6}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{4C3B6A13-B3A7-42BF-8258-92F5DC9DDD25}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E83D987D-2DA1-4F70-8010-429F62A918DF}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{77158BB2-714C-43F4-869B-DB1C389BA430}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{55C21A27-90FA-4B7A-99FF-4F4F3D75A18B}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{22DD853E-63D9-400A-8EB6-450BA8FDB162}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{24AF4193-3CA3-4AE0-832D-F8A1E7A475C2}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{9CC492C7-4DFC-428E-B3C1-5431FA70AEED}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{AB8DF619-AC2F-424A-A151-584B8AE8768E}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{D23AF358-205C-4B8B-8A28-0234E5DFB09D}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{959300D5-D2C3-4E3A-B39F-2B4E35F13750}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{15D86165-8B7C-405E-A29E-D3111279AA47}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{55A71E94-DE20-494D-B31F-FAC5559BD252}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{DCCC16F3-37C4-4E2B-9DD4-736B9FA79E6A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CCFBCDF4-352A-4FA3-99F5-5577D47470D6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{90EB9375-9DE9-46FC-810E-720044888242}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{2ACB0CE6-62A9-46F3-B20D-C6F9FCBCA27E}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-01-31 17:55]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-01-31 15:35]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 08:12]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 14:11]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\system32\Drivers\hcw95bda.sys [2007-04-04 19:45]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-04-04 19:48]
S3 lgsnd_filter;lgsnd_filter;C:\Windows\system32\drivers\lgsnd_filter.sys [2005-12-14 20:30]
S3 mod7700;Hauppauge Nova-T DVB-T Tuner;C:\Windows\system32\Drivers\hcw95bda.sys [2007-04-04 19:45]
S3 MODRC;Hauppauge Nova-T IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-04-04 19:48]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\Windows\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\Windows\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\Windows\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LPDService REG_MULTI_SZ LPDSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b6ace9a-20e9-11dc-9b85-00e09110329c}]
\shell\AutoRun\command - .\MigWiz\migsetup.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-03-18 10:10:19 C:\Windows\Tasks\User_Feed_Synchronization-{47E8A083-0C54-4311-A2F4-0A1D148E136A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 11:14:09
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll
.
Zeit der Fertigstellung: 2008-03-18 11:14:52
.
2008-03-14 17:52:35 --- E O F ---



Vielen Dank für Deine Hilfe!!!

Hallo

1.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern

Code: Alles auswählenAufklappen

ATTFilter

KILLALL:: 

Registry:: 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMe3c39b22"=-

File:: 
C:\Users\Benedikt Haag\AppData\Local\Temp\nqxnahfo.dll
C:\Users\Benedikt Haag\AppData\Local\Temp\eqtotfla.dll
C:\Users\Benedikt Haag\AppData\Local\Temp\lajtwnpl.dll
         

Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.

cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen



danach: Combofix noch einmal anwenden

PC neustarten

»
poste das neue Log von Combofix

--------
2.
scanne , lasse alles entfenren, was gefunden wird + poste den report
Malwarebytes Anti-Malware

danke für deine schnelle antwort.
ich hab die datei erstellt, und wollte sie auf das symbol "combofox.exe" schieben. dann werde ich gefragt "öffnen mit" oder "abbrechen" - bin auf "öffnen mit". dann startet Combofix, allerdings kommt die Fehlermeldung "You cannot rename ComboFix as ComboFix. Please use another name"

Was soll ich machen?

keine Ahnung, was du da gemacht hast...wahrscheinlich hast du das script nicht richtig erstellt..oder nicht richtig benannt

hast du es cfscript.txt genannt und unter "Alle Dateien" abgespeichert ?

sorry, hatte da wohl was falsch gemacht.

ging jetzt, hier das log von combofix:


ComboFix 08-03-17.1 - Benedikt Haag 2008-03-18 12:57:30.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.387 [GMT 1:00]
ausgeführt von:: C:\Users\Benedikt Haag\Desktop\ComboFix.exe
.

((((((((((((((((((((((( Dateien erstellt von 2008-02-18 bis 2008-03-18 ))))))))))))))))))))))))))))))
.

Keine neuen Dateien erstellt in diesem Zeitraum

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 22:58 --------- d-----w C:\Program Files\DivX
2008-03-15 22:57 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-15 18:41 --------- d-----w C:\Program Files\CCleaner
2008-03-14 23:54 --------- d-----w C:\Program Files\Java
2008-03-14 23:43 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-14 23:43 --------- d-----w C:\Program Files\Common Files\Real
2008-03-14 23:35 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-14 23:35 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\skypePM
2008-03-14 23:35 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Skype
2008-03-14 23:35 --------- d-----w C:\Program Files\Skype
2008-03-14 23:35 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-14 23:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 23:16 --------- d-----w C:\Program Files\Trend Micro
2008-03-14 22:15 --------- d-----w C:\Program Files\Windows Mail
2008-03-14 14:48 --------- d-----w C:\Program Files\Avanquest update
2008-02-28 15:39 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-23 14:07 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\BitTorrent
2008-02-21 18:55 --------- d-----w C:\Program Files\iTunes
2008-02-21 18:55 --------- d-----w C:\Program Files\iPod
2008-02-21 18:54 --------- d-----w C:\Program Files\QuickTime
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\Windows\System32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\Windows\System32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\Windows\System32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-16 19:44 --------- d-----w C:\Program Files\SmartFTP Client
2008-02-16 19:43 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-02-13 12:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 12:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 12:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 12:11 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 12:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 12:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 12:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 10:23 --------- d-----w C:\Program Files\ICQ6
2008-02-11 20:09 --------- d-----w C:\Program Files\lg_swupdate
2008-02-11 19:54 1,111,344 ----a-w C:\Windows\System32\CS.dll
2008-02-10 21:07 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Ahead
2008-02-10 12:47 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Nero
2008-02-10 12:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-10 12:41 --------- d-----w C:\ProgramData\Nero
2008-02-10 12:41 --------- d-----w C:\Program Files\Nero
2008-01-29 11:27 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Pixum
2008-01-29 11:27 --------- d-----w C:\Program Files\Pixum AG
2008-01-18 19:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 19:28 --------- d-----w C:\ProgramData\BVRP Software
2008-01-18 19:10 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\InstallShield
2008-01-18 19:10 --------- d-----w C:\ProgramData\Sony Ericsson
2008-01-18 19:10 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-18 18:50 --------- d-----w C:\Users\Benedikt Haag\AppData\Roaming\Teleca
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-08 22:50 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-09-06 21:59 174 --sha-w C:\Program Files\desktop.ini
2007-07-20 09:17 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2007-11-20 17:14 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-20 17:14 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-20 17:14 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-18_11.14.39,21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-18 10:00:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-18 11:51:49 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-18 10:03:24 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-18 11:54:56 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-18 10:03:17 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-18 11:54:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-18 11:54:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-18 10:08:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-18 11:55:42 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-18 10:03:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-18 11:53:59 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-18 11:53:59 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-18 10:06:12 116,706 ----a-w C:\Windows\System32\perfc007.dat
+ 2008-03-18 11:57:47 116,706 ----a-w C:\Windows\System32\perfc007.dat
- 2008-03-18 10:06:12 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-18 11:57:48 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-18 10:06:12 641,344 ----a-w C:\Windows\System32\perfh007.dat
+ 2008-03-18 11:57:48 641,344 ----a-w C:\Windows\System32\perfh007.dat
- 2008-03-18 10:06:12 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-18 11:57:48 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-18 10:03:28 7,840 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-306069054-1507164970-828293788-1000_UserData.bin
+ 2008-03-18 11:54:28 7,840 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-306069054-1507164970-828293788-1000_UserData.bin
- 2008-03-18 10:03:28 74,580 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-18 11:54:28 74,596 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-18 10:03:26 50,258 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-18 11:54:18 50,266 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 23:50 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"BMe3c39b22"="C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll" [2008-03-14 14:25 90688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-20 17:54 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 12:37 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 14:50 4399104 C:\Windows\RtHDVCpl.exe]
"LG Magnifier"="C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2007-03-02 21:37 112184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 16:41 845360]
"KeybdUtility"="C:\Program Files\LG Software\On Screen Display\HotKey.exe" [2007-03-21 19:57 2655800]
"BatteryMiser 5"="C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe" [2007-02-22 10:56 337464]
"LG Intelligent Update"="C:\Program Files\lg_swupdate\giljabistart.exe" [2008-02-11 20:54 247088]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-01-31 14:40 131072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-01-31 14:40 151552]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-01-31 14:40 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 00:42 185896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\Windows\system32\bmpsap.dll [2006-12-11 14:58 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{690561C9-86F9-44A6-A214-9BC87CD12E22}"= UDP:C:\Program Files\Network Print Monitor\PSAdmin.exe:PSAdmin
"{934584AF-17FA-4F81-9E6B-4DD1C03BD978}"= TCP:C:\Program Files\Network Print Monitor\PSAdmin.exe:PSAdmin
"TCP Query User{2D5822DD-5A8F-49F3-8C3D-DB27964C02E8}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BD52A74B-5659-44FA-B37A-057CFB157CF7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BCEA0379-9E36-447B-A316-8C413C02C5A9}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D826CA92-5C26-4825-A557-402D8AB0DF51}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{B8FD8168-8912-4664-93B7-7E92BFC285E5}"= UDP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{AAB41056-DD61-43A5-ACBC-657E8C9356EC}"= TCP:C:\Windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"TCP Query User{C61D5CD2-3707-45F5-BB87-2A43ECD34A07}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A6B096D6-D42B-4EE7-ACC4-685CD8A740C9}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{90E2563D-3FB3-4BAD-917B-148791047197}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6F60DD3F-FD1B-497C-96FC-F0D20B246C5B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{DB7EADB7-27B5-448A-9C22-E47CA373315A}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A656EBAB-40FE-4FB7-B929-A969D6EFFDFB}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{B8912E75-48B6-43B1-B751-45E17412CDB6}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{4C3B6A13-B3A7-42BF-8258-92F5DC9DDD25}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E83D987D-2DA1-4F70-8010-429F62A918DF}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{77158BB2-714C-43F4-869B-DB1C389BA430}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{55C21A27-90FA-4B7A-99FF-4F4F3D75A18B}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{22DD853E-63D9-400A-8EB6-450BA8FDB162}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{24AF4193-3CA3-4AE0-832D-F8A1E7A475C2}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{9CC492C7-4DFC-428E-B3C1-5431FA70AEED}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{AB8DF619-AC2F-424A-A151-584B8AE8768E}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{D23AF358-205C-4B8B-8A28-0234E5DFB09D}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{959300D5-D2C3-4E3A-B39F-2B4E35F13750}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{15D86165-8B7C-405E-A29E-D3111279AA47}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{55A71E94-DE20-494D-B31F-FAC5559BD252}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{DCCC16F3-37C4-4E2B-9DD4-736B9FA79E6A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CCFBCDF4-352A-4FA3-99F5-5577D47470D6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{90EB9375-9DE9-46FC-810E-720044888242}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{2ACB0CE6-62A9-46F3-B20D-C6F9FCBCA27E}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-01-31 17:55]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-01-31 15:35]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 08:12]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 14:11]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\system32\Drivers\hcw95bda.sys [2007-04-04 19:45]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-04-04 19:48]
S3 lgsnd_filter;lgsnd_filter;C:\Windows\system32\drivers\lgsnd_filter.sys [2005-12-14 20:30]
S3 mod7700;Hauppauge Nova-T DVB-T Tuner;C:\Windows\system32\Drivers\hcw95bda.sys [2007-04-04 19:45]
S3 MODRC;Hauppauge Nova-T IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-04-04 19:48]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\Windows\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\Windows\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\Windows\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LPDService REG_MULTI_SZ LPDSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b6ace9a-20e9-11dc-9b85-00e09110329c}]
\shell\AutoRun\command - .\MigWiz\migsetup.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-03-18 11:50:09 C:\Windows\Tasks\User_Feed_Synchronization-{47E8A083-0C54-4311-A2F4-0A1D148E136A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 13:02:28
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll
.
Zeit der Fertigstellung: 2008-03-18 13:03:08
ComboFix2.txt 2008-03-18 11:50:29
ComboFix3.txt 2008-03-18 10:14:53
.
2008-03-14 17:52:35 --- E O F ---

nix gelöscht Combofix zeigt nichts an , du hast es nicht richtig gemacht

versuche es damit:
OTMoveIt by OldTimer

öffne: OTMoveIt.exe
Kopiere rein: im linken Fenster ,wo steht:
Paste Standart List of Files/Folders to be Move

Code: Alles auswählenAufklappen

ATTFilter

C:\Users\Benedikt Haag\AppData\Local\Temp\nqxnahfo.dll
C:\Users\Benedikt Haag\AppData\Local\Temp\eqtotfla.dll
C:\Users\Benedikt Haag\AppData\Local\Temp\lajtwnpl.dll
         

Klicke auf den Roten MoveIt!
poste das log, was erscheint

hab jetzt grad parallel noch das Malwarebytes gemacht, hier das Logfile; muss ich dann trotzdem noch das OTMoveIt machen?

Malwarebytes' Anti-Malware 1.08
Datenbank Version: 499

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 193347
Scan Dauer: 49 minute(s), 42 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)

«
ja, wende OTMoveIt an + poste das log

«
dann fixe noch mal mit hijackThis

Zitat:

O4 - HKCU\..\Run: [BMe3c39b22] Rundll32.exe "C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll ",s

+
PC neustarten

wie immer vielen Dank!
hier das Log von OTMoveIt:

DllUnregisterServer procedure not found in C:\Users\Benedikt Haag\AppData\Local\Temp\nqxnahfo.dll
C:\Users\Benedikt Haag\AppData\Local\Temp\nqxnahfo.dll NOT unregistered.
C:\Users\Benedikt Haag\AppData\Local\Temp\nqxnahfo.dll moved successfully.
File/Folder C:\Users\Benedikt Haag\AppData\Local\Temp\eqtotfla.dll not found.
File/Folder C:\Users\Benedikt Haag\AppData\Local\Temp\lajtwnpl.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03182008_191809


werd jetzt nochmal mit HijackThis fixen...

sorry, jetzt funktioniert was doch nich so, wie gewollt.

hab HijackThis ausgeführt, auch das gefixed, wie du gesagt hast.
jetzt kommt nach dem neustart aber folgende Fehlermeldung:

"Fehler beim Laden von C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll
Das angegebene Modul konnte nicht gefunden werden."

Das is ja genau die Datei, die mit HijackThis gelöscht wurde... ich check gar nichts mehr...

ja, das ist eigenartig, denn sie sollte ja aus dem Systemstart raus sei..poste bitte ein neues Log vom HijackTHis
+
wende datfindbat an - poste die logs ... sind nach Datum geordnet , kopiere nur von jedem ca. 2 Monate ab
Datfindbat

neues log vom HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:12, on 19.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.icq.com/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BMe3c39b22] Rundll32.exe "C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll",s
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

--
End of file - 7296 bytes




und hier noch die logs von datFind.bat:

Verzeichnis von c:\

19.03.2008 09:32 0 dirdat.txt
19.03.2008 09:19 1.063.378.944 hiberfil.sys
19.03.2008 09:19 1.377.304.576 pagefile.sys
18.03.2008 13:03 18.735 ComboFix.txt
08.01.2008 23:49 443.912 bootmgr

Verzeichnis von C:\Windows\system32

19.03.2008 09:27 610.142 perfh009.dat
19.03.2008 09:27 103.924 perfc009.dat
19.03.2008 09:27 641.344 perfh007.dat
19.03.2008 09:27 116.706 perfc007.dat
19.03.2008 09:27 1.461.736 PerfStringBackup.INI
19.03.2008 09:20 3.200 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
19.03.2008 09:20 3.200 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
15.03.2008 00:54 6.591 jupdate-1.6.0_05-b13.log
15.03.2008 00:43 185.944 rmoc3260.dll
15.03.2008 00:42 5.632 pndx5032.dll
15.03.2008 00:42 6.656 pndx5016.dll
14.03.2008 18:52 118 MRT.INI
05.03.2008 17:30 19.148.408 mrt.exe
22.02.2008 02:33 139.264 javaws.exe
22.02.2008 01:23 135.168 javaw.exe
22.02.2008 01:23 135.168 java.exe
21.02.2008 03:11 3.136 dtu_de.qm
21.02.2008 03:05 10.152 dsm_de.qm
21.02.2008 03:05 4.816 divxsm.tlb
21.02.2008 03:05 524.288 DivXsm.exe
21.02.2008 03:05 3.596.288 qt-dx331.dll
21.02.2008 03:05 72.440 pxhpinst.exe
21.02.2008 03:05 187.128 pxmas.dll
21.02.2008 03:05 518.904 pxdrv.dll
21.02.2008 03:05 120.056 pxcpyi64.exe
21.02.2008 03:05 64.760 pxinsa64.exe
21.02.2008 03:05 118.520 pxinsi64.exe
21.02.2008 03:05 129.784 pxafs.dll
21.02.2008 03:05 551.672 px.dll
21.02.2008 03:05 88.824 vxblock.dll
21.02.2008 03:05 1.628.920 pxsfs.dll
21.02.2008 03:05 379.640 pxwave.dll
21.02.2008 03:05 66.296 pxcpya64.exe
21.02.2008 03:05 200.704 ssldivx.dll
21.02.2008 03:05 1.044.480 libdivx.dll
21.02.2008 03:04 416 dpl100.dll.manifest
21.02.2008 03:04 416 dtu100.dll.manifest
21.02.2008 03:04 81.920 dpl100.dll
21.02.2008 03:04 196.608 dtu100.dll
21.02.2008 03:04 53.248 dpuGUI10.dll
21.02.2008 03:04 593.920 dpuGUI11.dll
21.02.2008 03:04 294.912 dpu10.dll
21.02.2008 03:04 57.344 dpv11.dll
21.02.2008 03:04 344.064 dpus11.dll
21.02.2008 03:04 294.912 dpu11.dll
21.02.2008 03:04 823.296 divx_xx0c.dll
21.02.2008 03:04 682.496 DivX.dll
21.02.2008 03:04 802.816 divx_xx11.dll
21.02.2008 03:04 823.296 divx_xx07.dll
21.02.2008 03:03 630.784 divxdec.ax
21.02.2008 03:03 156.992 DivXCodecVersionChecker.exe
21.02.2008 03:03 12.288 DivXWMPExtType.dll
21.02.2008 03:03 8.523 dpude.qm
13.02.2008 13:18 194.560 WebClnt.dll
13.02.2008 13:16 613.888 wpd_ci.dll
13.02.2008 13:16 224.824 clfs.sys
13.02.2008 13:16 19.456 cfgmgr32.dll
13.02.2008 13:16 101.888 drvinst.exe
13.02.2008 13:16 221.696 umpnpmgr.dll
13.02.2008 13:16 260.096 dpx.dll
13.02.2008 13:16 6.656 kbd106n.dll
13.02.2008 13:16 558.080 oleaut32.dll
13.02.2008 13:16 1.585.664 setupapi.dll
13.02.2008 13:16 7.168 f3ahvoas.dll
13.02.2008 13:16 12.800 batt.dll
13.02.2008 13:16 35.328 dispci.dll
13.02.2008 13:16 905.400 winresume.exe
13.02.2008 13:16 943.800 winload.exe
13.02.2008 13:16 23.552 nshhttp.dll
13.02.2008 13:16 39.424 lodctr.exe
13.02.2008 13:16 32.256 unlodctr.exe
13.02.2008 13:16 115.200 loadperf.dll
13.02.2008 13:16 17.408 prflbmsg.dll
13.02.2008 13:16 595.456 schedsvc.dll
13.02.2008 13:14 3.504.696 ntkrnlpa.exe
13.02.2008 13:14 3.470.392 ntoskrnl.exe
13.02.2008 13:14 24.064 netcfg.exe
13.02.2008 13:14 167.424 tcpipcfg.dll
13.02.2008 13:14 22.016 netiougc.exe
13.02.2008 13:14 4.247.552 GameUXLegacyGDFs.dll
13.02.2008 13:14 1.686.528 gameux.dll
13.02.2008 13:11 180.736 ieui.dll
13.02.2008 13:11 6.066.176 ieframe.dll
13.02.2008 13:11 478.208 mshtmled.dll
13.02.2008 13:11 3.592.192 mshtml.dll
13.02.2008 13:11 1.383.424 mshtml.tlb
13.02.2008 13:11 44.544 pngfilt.dll
13.02.2008 13:11 124.928 advpack.dll
13.02.2008 13:11 824.832 wininet.dll
13.02.2008 13:11 27.648 jsproxy.dll
13.02.2008 13:11 1.159.680 urlmon.dll
13.02.2008 13:11 383.488 ieapfltr.dll
13.02.2008 13:11 214.528 dxtrans.dll
13.02.2008 13:11 347.136 dxtmsft.dll
13.02.2008 13:11 671.232 mstime.dll
13.02.2008 13:11 63.488 icardie.dll
13.02.2008 13:11 1.831.424 inetcpl.cpl
13.02.2008 13:11 26.624 ieUnatt.exe
13.02.2008 13:11 70.656 ie4uinit.exe
13.02.2008 13:11 44.544 iernonce.dll
13.02.2008 13:11 56.320 iesetup.dll
11.02.2008 20:55 251.184 GijabiAU.ocx
11.02.2008 20:55 447.792 GijabiAUSetup.ocx
11.02.2008 20:54 1.111.344 CS.dll
10.02.2008 13:46 188 MsiExec.exe.log

Verzeichnis von C:\Windows

19.03.2008 09:26 1.782.322 WindowsUpdate.log
19.03.2008 09:19 67.584 bootstat.dat
18.03.2008 22:56 12 bthservsdp.dat
18.03.2008 13:56 151.538.182 MEMORY.DMP
18.03.2008 13:55 1.288 PFRO.log
18.03.2008 13:02 215 system.ini
21.02.2008 19:56 1.409 QTFont.for
21.02.2008 19:56 54.156 QTFont.qfn
11.02.2008 21:09 877 lgcenter.ini
11.02.2008 21:08 10.356 lg_up.ini

Verzeichnis von C:\Users\BENEDI~1\AppData\Local\Temp

19.03.2008 09:26 692 jusched.log
19.03.2008 09:22 0 JETF823.tmp
19.03.2008 09:22 16.384 ~DFFDB.tmp
19.03.2008 09:21 16.384 ~DFD650.tmp
19.03.2008 09:21 31.832 Benedikt Haag.bmp
18.03.2008 22:55 249.965 imageio47864.tmp
18.03.2008 20:55 208 java_install_reg.log
18.03.2008 19:45 16.384 ~DF9D9A.tmp
18.03.2008 19:44 1.328 wmplog02.sqm
18.03.2008 19:28 16.384 ~DF4D74.tmp
18.03.2008 19:26 1.592 wmplog01.sqm
18.03.2008 15:04 1.908 wmplog00.sqm
18.03.2008 13:58 16.384 ~DF4E87.tmp
18.03.2008 13:58 16.384 ~DF43A8.tmp
18.03.2008 13:49 4.374 ~WRS0000.tmp
18.03.2008 13:48 512 ~DFF8D6.tmp
18.03.2008 13:48 512 ~DFD661.tmp
18.03.2008 13:48 512 ~DFCCBC.tmp
18.03.2008 13:07 32.768 ~DF5DEE.tmp
18.03.2008 13:03 0 JET51C7.tmp
18.03.2008 12:54 16.384 ~DF5ECE.tmp


Wie immer, tausend dank für deine Hilfe!!!

Hallo

das muss mit HijackThis gefixt werden, dann den Rechner neustarten

Zitat:

O4 - HKCU\..\Run: [BMe3c39b22] Rundll32.exe "C:\Users\BENEDI~1\AppData\Local\Temp\nqxnahfo.dll ",s

zum Prüfen:
Start --> Ausführen-->cmd (eingeben) --> Gebe dort genauso ein: (abkopieren von hier)

Code: Alles auswählenAufklappen

ATTFilter

reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
         

-> Enter drücken--> Werden dort der versteckte Wert BMe3c39b22 angezeigt, dann lösche diesen so:

Code: Alles auswählenAufklappen

ATTFilter

reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BMe3c39b22