Log Analysis and Evaluation: Request for logfile analysis
17.03.2008, 18:57 | #1
Request for logfile analysis

Since yesterday strange things have been happening on my computer. Spybot Search&Destroy keeps popping up messages saying that registry entries would be changed if I allowed it (which of course I don't). IE starts up on its own and connects me to sites that supposedly can rid my computer of a virus that has infected it. On the desktop there are three new shortcuts: Error Cleaner, Privacy Protector, Spyware&Malware Protection. The properties of these icons show that they are links:
h**p://viruswebprotect.com/shandler.php?sid=502&said=0&aid=454&pn=5&sg=1
h**p://viruswebprotect.com/shandler.php?sid=502&said=0&aid=454&pn=5&sg=0
h**p://viruswebprotect.com/shandler.php?sid=502&said=0&aid=454&pn=5&sg=2
Spybot S&D keeps reporting this:
Kategorie: Shell Services
Änderung: Wert hinzugefügt
Eintrag: altvxvm
When I click "Verweigern" I get the message that the operation was blocked. During the scan with HijackThis this popup message appeared on a dark blue background:
WISE deinstallieren
Ungültge INSTALL.LOG-Datei
I could only close it by clicking the OK button. After that, however, the Installlog file was displayed to me. I hope these descriptions can contribute to the analysis of the information below. Many thanks in advance for your help!
Ciao, Thomas

-----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:35, on 17.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\Tools&More\WinExit-Pro\winexit.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender10\bdmcon.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\PhraseExpress\PhraseExpress.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\FirefoxPreloader\FirefoxPreloader.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Programme\GPGrelay\GPGrelay.exe
C:\Programme\Brother\Brmfcmon\BrMfcmon.exe
C:\Programme\Sony Handheld\HOTSYNC.EXE
C:\Programme\Sony Handheld\USBSwt.exe
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\Programme\HijckThis\HiJackThis202.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.google.de/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.de/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://www.google.de/keyword/%s
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GNX Rolex - {6D7990CB-1D01-4554-9EED-75BDC6406FC2} - C:\WINDOWS\drnpfdxsfn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: metaspinner media GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten\Preispiraten2\IEButtonEBayInterface.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: FBFBar - {982E186D-7E13-45ac-9789-50B535246E28} - C:\Programme\FRITZ!Box Monitor\fbfbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Zonelink iClip Recorder - {6D685611-B7A8-4B4C-A161-346390B5189C} - C:\PROGRA~1\zoneLINK\ICLIPR~1\ICLIPI~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PhraseExpress] C:\Programme\PhraseExpress\PhraseExpress.exe
O4 - HKLM\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [AVMFBoxMonitor] "C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GPGrelay.lnk = C:\Programme\GPGrelay\GPGrelay.exe
O4 - Startup: HotSync Manager.lnk = C:\Programme\Sony Handheld\HOTSYNC.EXE
O4 - Startup: SonyPDA USB Switcher.lnk = C:\Programme\Sony Handheld\USBSwt.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Programme\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: Google AdSense Preview-Tool - h**p://pagead2.googlesyndication.com/pagead/preview/de/preview.html
O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - h**ps://www.seb-banking.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} (PPI Chipcard-Browser-Plugin) - h**ps://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin123.cab
O21 - SSODL: bokpkov - {194AF025-DCD4-4E61-8BF8-9DC93EC69984} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: SrvDrv - {baa8c74c-43b5-453b-ab33-285fa8b45603} - C:\WINDOWS\Installer\{baa8c74c-43b5-453b-ab33-285fa8b45603}\SrvDrv.dll
O21 - SSODL: altvxvm - {70BFF516-9E58-4723-BA90-9FB1A564600F} - C:\WINDOWS\altvxvm.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\PROGRAMME\FRITZ!\de_serv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender10\vsserv.exe
O23 - Service: WinExit-Service-Launcher - Wirth New Media Sarl - C:\Programme\Tools&More\WinExit-Pro\Winexit-Service-Launcher.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 15893 bytes
17.03.2008, 19:53 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Request for logfile analysis
Quote:
Doesn't matter anyway; from your description this sounds very much like Zlob, possibly also a Vundo. Have these files evaluated at VirusTotal and post the results incl. md5/sha1:
C:\WINDOWS\drnpfdxsfn.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\altvxvm.dll
Follow my sig and click on the linked tools, follow the instructions and post the logs:
1.) Blacklight
2.) Silentrunners
3.) combofix
__________________
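The helper above singled out three DLLs by eye: all three load from the Windows root directory rather than system32 or a program folder, two of them as ShellServiceObjectDelayLoad (O21) entries. The following script is an added example, not code from the thread or from HijackThis; it applies that same triage rule to O2/O21 lines and produces the MD5/SHA-1 digests that VirusTotal reports. The heuristic and the TRUSTED_DIRS list are the example's own assumptions; the sample lines are copied from the log posted above.

```python
"""Triage helper for HijackThis-style logs (added example, not the thread's own tool)."""
import hashlib
import ntpath
import re

# One HijackThis entry per line: "O2 - BHO: <name> - {CLSID} - <path>"
# or "O21 - SSODL: <name> - {CLSID} - <path>".
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O21) - (?:BHO|SSODL): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)

# Assumed: directories from which shell/browser extensions normally load
# on a German XP install ("Programme" = Program Files).
TRUSTED_DIRS = ("c:\\windows\\system32", "c:\\programme", "c:\\progra~1")


def parse_entries(log_text):
    """Return a dict per O2/O21 line: section, name, clsid, path."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_suspicious(entry):
    """Heuristic used by the helper in the thread, written down:
    a DLL sitting directly in C:\\WINDOWS, or a shell-startup (SSODL)
    object that loads from outside system32 / Programme."""
    path = entry["path"].lower()
    directory = ntpath.dirname(path)
    if directory == "c:\\windows" and path.endswith(".dll"):
        return True
    if entry["section"] == "O21" and not path.startswith(TRUSTED_DIRS):
        return True
    return False


def suspicious_files(log_text):
    """Sorted file names of flagged entries, i.e. the list to hash and look up."""
    return sorted({ntpath.basename(e["path"])
                   for e in parse_entries(log_text) if is_suspicious(e)})


def file_hashes(data):
    """MD5 and SHA-1 hex digests of file content, the values VirusTotal shows."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Programme\\Gemeinsame Dateien\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: GNX Rolex - {6D7990CB-1D01-4554-9EED-75BDC6406FC2} - C:\\WINDOWS\\drnpfdxsfn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Programme\\Java\\jre1.6.0_03\\bin\\ssv.dll
O21 - SSODL: bokpkov - {194AF025-DCD4-4E61-8BF8-9DC93EC69984} - C:\\WINDOWS\\bokpkov.dll
O21 - SSODL: SrvDrv - {baa8c74c-43b5-453b-ab33-285fa8b45603} - C:\\WINDOWS\\Installer\\{baa8c74c-43b5-453b-ab33-285fa8b45603}\\SrvDrv.dll
O21 - SSODL: altvxvm - {70BFF516-9E58-4723-BA90-9FB1A564600F} - C:\\WINDOWS\\altvxvm.dll
"""

if __name__ == "__main__":
    for name in suspicious_files(SAMPLE_LOG):
        print("hash and check on VirusTotal:", name)
    # On the infected machine one would read each flagged file and call
    # file_hashes(open(path, "rb").read()) to get the md5/sha1 to post.
```

Note that the rule also flags SrvDrv.dll under C:\WINDOWS\Installer, which the helper did not ask for; a triage script errs on the side of listing, and the hash lookup decides.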
17.03.2008, 23:23 | #3
Request for logfile analysis
Quote:
But first of all, many thanks for taking on my problem! The first step, evaluating the 3 files at VirusTotal, gave these results:

C:\WINDOWS\drnpfdxsfn.dll
File size: 221184 bytes
MD5: adb79e48ca57a904d2070740fadd0138
SHA1: 27a6f78e3344b076fba1c5fcd28e1fa1074ce62c
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=92F4B65000855DED605D034BCD13EC008075D15A

C:\WINDOWS\bokpkov.dll
File size: 221184 bytes
MD5: 98cf33b8630acfa30c9fe975a6956cb2
SHA1: 35a5b679f72678a6b6ab9bddb28d187eb2c67e92
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E37CBFFE00864886605D03473AE7BF00BA42F05F

C:\WINDOWS\altvxvm.dll
File size: 241664 bytes
MD5: 040e636bfb25bdad86c39ba0ecfeb749
SHA1: 7c8a37129bf777bcbbde8280a3f79b2b6418370a
PEiD: -

I was also shown which scanners produced which results. Should I post that too? Next I will run the three tools you mentioned and put the results in the next post. Many thanks for your help!
17.03.2008, 23:51 | #4
Request for logfile analysis

Result from Silentrunners, 1st half (I had to shorten the text):

"Silent Runners.vbs", revision 56, h**p://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\wcescomm.exe"" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"SystemTray" = "SysTray.Exe" [MS]
"BDMCon" = ""C:\Programme\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."]
"BDAgent" = ""C:\Programme\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]
"TrueImageMonitor.exe" = "C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe" ["Acronis"]
"Acronis Scheduler2 Service" = ""C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]
"PhraseExpress" = "C:\Programme\PhraseExpress\PhraseExpress.exe" ["Bartels Media"]
"Spamihilator" = ""C:\Programme\Spamihilator\spamihilator.exe"" ["Michel Krämer"]
"AVMFBoxMonitor" = ""C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe"" ["AVM Berlin"]
"SetDefPrt" = "C:\Programme\Brother\Brmfl04b\BrStDvPt.exe" ["Brother Industories, Ltd."]
"ControlCenter2.0" = "C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun" ["Brother Industries, Ltd."]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\(Default) = "NetMeeting 3.01"
                                       \StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "HelperObject Class"
     \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll" ["TechSmith Corporation"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{0B660087-931C-4056-A04F-0423890E40B6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PreispiratenSearchURL"
     \InProcServer32\(Default) = "C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{6D7990CB-1D01-4554-9EED-75BDC6406FC2}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "GNX Rolex"
     \InProcServer32\(Default) = "C:\WINDOWS\drnpfdxsfn.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{84B94901-3645-4D80-A6B7-4D0050B19455}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "metaspinner media GmbH"
     \InProcServer32\(Default) = "C:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
     \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{CD9B7762-DFBC-42B1-BB30-02A78287B456}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "metaspinner media GmbH"
     \InProcServer32\(Default) = "C:\Programme\Preispiraten\Preispiraten2\IEButtonEBayInterface.dll" [null data]
{D3AA56A9-8137-4950-A6F9-D0190A82AF2A}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "metaspinner media GmbH"
     \InProcServer32\(Default) = "C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP10\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP10\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP10\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP10\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{DB83BC37-4AC3-49D9-B397-2E46D166B6D0}" = "Quick Uninstall Start Menu Extension"
  -> {HKLM...CLSID} = "Quick Uninstall Start Menu Extension"
     \InProcServer32\(Default) = "C:\Programme\Tidy Start Menu\qUninstall.dll" ["SprigSoft"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
  -> {HKLM...CLSID} = "SnagIt"
     \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
  -> {HKLM...CLSID} = "SnagItShellExt Class"
     \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
"{55D1FC7D-474E-4154-96D0-472EBBD2E835}" = "PdfGrabber Context Menu Shell Extension"
  -> {HKLM...CLSID} = "PdfGrabber Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\PdfGrabberShellExt.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
     \InProcServer32\(Default) = "C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Programme\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
  -> {HKLM...CLSID} = "TuneUp Theme Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
     \InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{FCF608CF-5716-47C3-A1A8-991D873AF72B}" = "Delphi Context Menu Shell Extension Example"
  -> {HKLM...CLSID} = "Delphi Context Menu Shell Extension Example"
     \InProcServer32\(Default) = "C:\Programme\Exifer\exifershellext.dll" [null data]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
  -> {HKLM...CLSID} = "Studio.Project"
     \InProcServer32\(Default) = "C:\Programme\Pinnacle\Studio 11\programs\BlueShellExt.dll" [null data]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
     \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
     \InProcServer32\(Default) = "C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
  -> {HKLM...CLSID} = "Mobiles Gerät"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Wcesview.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
"bokpkov" = "{194AF025-DCD4-4E61-8BF8-9DC93EC69984}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\bokpkov.dll" [null data]
"SrvDrv" = "{baa8c74c-43b5-453b-ab33-285fa8b45603}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\Installer\{baa8c74c-43b5-453b-ab33-285fa8b45603}\SrvDrv.dll" [null data]
"altvxvm" = "{7AFEBDF1-56F8-4CCB-89BD-51D303E0A5A1}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\altvxvm.dll" [null data]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"relog_ap"

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
     \InProcServer32\(Default) = "C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
GPGee\(Default) = "{A0820A59-3343-450B-A902-B481029CD9E8}"
  -> {HKLM...CLSID} = "GNU Privacy Guard Explorer Extension"
     \InProcServer32\(Default) = "C:\Programme\GNU\GnuPG\GPGee.dll" ["Kurt Fitzner <kfitzner@excelcia.org>"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Programme\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
  -> {HKLM...CLSID} = "SnagItShellExt Class"
     \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
     \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
UltraEdit-32\(Default) = "{b5eedee0-c06e-11cf-8c56-444553540000}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\UltraEdit\ue32ctmn.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP10\WZSHLSTB.DLL" ["WinZip Computing LP"]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
  -> {HKLM...CLSID} = "RtClkCtxMenu Class"
     \InProcServer32\(Default) = "C:\Programme\Ipswitch\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
GPGee\(Default) = "{A0820A59-3343-450B-A902-B481029CD9E8}"
  -> {HKLM...CLSID} = "GNU Privacy Guard Explorer Extension"
     \InProcServer32\(Default) = "C:\Programme\GNU\GnuPG\GPGee.dll" ["Kurt Fitzner <kfitzner@excelcia.org>"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Programme\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
  -> {HKLM...CLSID} = "SnagItShellExt Class"
     \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
     \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP10\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} =
"Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] ContMenu\(Default) = "{FCF608CF-5716-47C3-A1A8-991D873AF72B}" -> {HKLM...CLSID} = "Delphi Context Menu Shell Extension Example" \InProcServer32\(Default) = "C:\Programme\Exifer\exifershellext.dll" [null data] Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}" -> {HKLM...CLSID} = "Eraser Shell Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"] PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Programme\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP10\WZSHLSTB.DLL" ["WinZip Computing LP"] WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}" -> {HKLM...CLSID} = "RtClkCtxMenu Class" \InProcServer32\(Default) = "C:\Programme\Ipswitch\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 
10 Maguire Road - Suite 220 Lexington, MA 02421"] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoActiveDesktop" = (REG_BINARY) hex:00 00 00 00 {Disable Active Desktop} "NoSaveSettings" = (REG_DWORD) dword:0x00000000 {Don't save settings at exit} "ClearRecentDocsOnExit" = (REG_BINARY) hex:00 00 00 00 {unrecognized setting} "NoRecentDocsMenu" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableTaskMgr" = (REG_DWORD) dword:0x00000001 {Remove Task Manager} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} "NoInternetOpenWith" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = (value not set) Startup items in "vorinstall" & "All Users" startup folders: ------------------------------------------------------------ C:\Dokumente und Einstellungen\vorinstall\Startmenü\Programme\Autostart "GPGrelay" -> shortcut to: "C:\Programme\GPGrelay\GPGrelay.exe" [".tSCc. 
- h**p://tscc.atari.org"] "HotSync Manager" -> shortcut to: "C:\Programme\Sony Handheld\HOTSYNC.EXE" ["Palm, Inc."] "SonyPDA USB Switcher" -> shortcut to: "C:\Programme\Sony Handheld\USBSwt.exe" ["Sony Corporation"] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Firefox Preloader" -> shortcut to: "C:\Programme\FirefoxPreloader\FirefoxPreloader.exe" ["6XGate Incorporated"] "Status Monitor" -> shortcut to: "C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe Brother MFC-5440CN /STARTUP" ["Brother Industries, Ltd."] |
17.03.2008, 23:52 | #5 |
Silentrunners, part 2:

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2008\OneClick.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{6D685611-B7A8-4B4C-A161-346390B5189C}"
  -> {HKLM...CLSID} = "Zonelink iClip Recorder"
    \InProcServer32\(Default) = "C:\PROGRA~1\zoneLINK\ICLIPR~1\ICLIPI~1.DLL" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)
  -> {HKLM...CLSID} = "SnagIt"
    \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{982E186D-7E13-45AC-9789-50B535246E28}" = "FBFBar"
  -> {HKLM...CLSID} = "FBFBar"
    \InProcServer32\(Default) = "C:\Programme\FRITZ!Box Monitor\fbfbar.dll" ["AVM Berlin"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{6D685611-B7A8-4B4C-A161-346390B5189C}" = (no title provided)
  -> {HKLM...CLSID} = "Zonelink iClip Recorder"
    \InProcServer32\(Default) = "C:\PROGRA~1\zoneLINK\ICLIPR~1\ICLIPI~1.DLL" [null data]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Recherchieren"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
    \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
    \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{2638A03E-1669-43BE-8119-B47087629A7F}\
"ButtonText" = "Preispiraten 2.5"
"Exec" = "C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe" [null data]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe"" ["Acronis"]
Adobe Active File Monitor V6, AdobeActiveFileMonitor6.0, "C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe" [null data]
Apple Mobile Device, Apple Mobile Device, ""C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BitDefender Communicator, XCOMM, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Desktop Update Service, LIVESRV, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]
BitDefender Scan Server, bdss, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
BitDefender Virus Shield, VSSERV, ""C:\Programme\Softwin\BitDefender10\vsserv.exe" /service" ["SOFTWIN S.R.L."]
Brother Popup Suspend service for Resource manager, brmfrmps, ""C:\WINDOWS\system32\Brmfrmps.exe" -service " ["Brother Industries, Ltd."]
BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"]
CHIPDRIVE SCARD Service, TWKSCARDSRV, "C:\WINDOWS\SCARDS32.EXE" ["SCM Microsystems"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Programme\CyberLink\Shared Files\RichVideo.exe"" [empty string]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]
StarWind iSCSI Service, StarWindService, "C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
TuneUp Designerweiterung, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]
FRITZ!fax Color Port Monitor\Driver = "FritzColorPort.dll" ["AVM Berlin GmbH"]
FRITZ!fax Port Monitor\Driver = "FritzPort.dll" ["AVM Berlin GmbH"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]
Redirected Port\Driver = "redmonnt.dll" [null data]
VSP1:\Driver = "vsmon1.dll" [null data]

----------
(launch time: 2008-03-17 23:43:03)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points,
  use the -supp parameter or answer "No" at the first message box
  and "Yes" at the second message box.
---------- (total run time: 162 seconds, including 18 seconds for message boxes)
17.03.2008, 23:55 | #6 |
Blacklight says: Scan complete, no hidden items found. The ComboFix result follows.
18.03.2008, 01:05 | #7 |
The ComboFix logfile says:

ComboFix 08-03-17.1 - vorinstall 2008-03-18 0:42:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1479 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\vorinstall\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\vorinstall\Desktop\Error Cleaner.url
C:\Dokumente und Einstellungen\vorinstall\Desktop\Privacy Protector.url
C:\Dokumente und Einstellungen\vorinstall\Desktop\Spyware&Malware Protection.url
C:\Dokumente und Einstellungen\vorinstall\Favoriten\Error Cleaner.url
C:\Dokumente und Einstellungen\vorinstall\Favoriten\Privacy Protector.url
C:\Dokumente und Einstellungen\vorinstall\Favoriten\Spyware&Malware Protection.url
.
---- Previous Run -------
.
C:\Dokumente und Einstellungen\vorinstall\Desktop\Error Cleaner.url
C:\Dokumente und Einstellungen\vorinstall\Desktop\Privacy Protector.url
C:\Dokumente und Einstellungen\vorinstall\Desktop\Spyware&Malware Protection.url
C:\Dokumente und Einstellungen\vorinstall\Favoriten\Error Cleaner.url
C:\Dokumente und Einstellungen\vorinstall\Favoriten\Privacy Protector.url
C:\Dokumente und Einstellungen\vorinstall\Favoriten\Spyware&Malware Protection.url
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
.

((((((((((((((((((((((( Dateien erstellt von 2008-02-17 bis 2008-03-17 ))))))))))))))))))))))))))))))
.

2008-03-17 16:52 . 2008-03-17 18:37   <DIR>       d--------   C:\Programme\HijckThis
2008-03-17 07:34 . 2008-03-17 07:34   16,520      -r-hs----   C:\Programme\tmp1.exe
2008-03-17 00:12 . 2008-03-17 00:12   54,156      --ah-----   C:\WINDOWS\QTFont.qfn
2008-03-17 00:12 . 2008-03-17 00:12   1,409       --a------   C:\WINDOWS\QTFont.for
2008-03-16 23:34 . 2008-03-16 23:34   16,520      -r-hs----   C:\Programme\tmp0.exe
2008-03-16 23:33 . 2008-03-16 16:35   241,664     --a------   C:\WINDOWS\altvxvm.dll
2008-03-16 23:33 . 2008-03-16 16:35   221,184     --a------   C:\WINDOWS\drnpfdxsfn.dll
2008-03-16 23:33 . 2008-03-16 16:35   221,184     --a------   C:\WINDOWS\bokpkov.dll
2008-03-16 23:33 . 2008-03-16 16:35   176,128     --a------   C:\WINDOWS\etlrlws.dll
2008-03-16 23:33 . 2008-03-16 16:35   98,304      --a------   C:\WINDOWS\fmsxwqs.exe
2008-03-16 23:33 . 2008-03-16 23:33   21,644      --a------   C:\Programme\antiviirus.exe
2008-03-16 18:15 . 2008-03-16 18:15   <DIR>       d--------   C:\Programme\SBSH
2008-03-15 21:50 . 2008-03-16 01:30   891         --a------   C:\WINDOWS\Edit.000
2008-03-15 09:41 . 2008-03-15 09:41   <DIR>       d--------   C:\Programme\FlexMail
2008-03-15 00:12 . 2008-03-15 00:12   <DIR>       d--------   C:\Programme\PocketTune
2008-03-13 18:39 . 2008-03-13 18:39   <DIR>       d--------   C:\Programme\Windows Mobile-Ressourcen
2008-03-13 14:07 . 2008-03-13 14:07   <DIR>       d--------   C:\WINDOWS\ASTULogTemp
2008-03-13 14:07 . 2008-03-13 14:07   71,097      --a------   C:\WINDOWS\system32\ASTULog.cab
2008-03-13 14:07 . 2008-03-13 14:07   1,050       --a------   C:\WINDOWS\system32\setup.inf
2008-03-13 14:07 . 2008-03-13 14:07   283         --a------   C:\WINDOWS\system32\setup.rpt
2008-03-12 14:53 . 2008-03-12 14:49   691,545     --a------   C:\WINDOWS\unins000.exe
2008-03-12 14:53 . 2008-03-12 14:53   2,551       --a------   C:\WINDOWS\unins000.dat
2008-03-03 19:27 . 2008-03-03 19:27   <DIR>       d--------   C:\WINDOWS\Agenda Fusion for Pocket PC
2008-03-03 19:27 . 2008-03-03 19:27   <DIR>       d--------   C:\Programme\Agenda Fusion for Pocket PC
2008-02-29 23:42 . 2008-02-29 23:42   <DIR>       d--------   C:\Dokumente und Einstellungen\vorinstall\Anwendungsdaten\Nero
2008-02-29 23:42 . 2008-02-29 23:42   <DIR>       d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
2008-02-29 23:41 . 2008-02-29 23:41   <DIR>       d--------   C:\Programme\Gemeinsame Dateien\LightScribe
2008-02-29 23:33 . 2008-02-29 23:35   <DIR>       d--------   C:\Programme\Gemeinsame Dateien\Nero
2008-02-29 23:33 . 2008-02-29 23:33   <DIR>       d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-02-28 18:26 . 2005-10-21 02:47   30,592      ---------   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-02-28 18:26 . 2005-10-21 02:47   12,800      ---------   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-02-28 18:25 . 2008-03-16 18:09   <DIR>       d--------   C:\Programme\Microsoft ActiveSync
2008-02-28 10:08 . 2008-02-28 10:08   90,112      --a------   C:\WINDOWS\system32\MBLINK.OCX
2008-02-28 10:07 . 2008-02-28 10:07   <DIR>       d--------   C:\Programme\Net Concept 24
2008-02-21 23:50 . 2008-02-21 23:50   65          --a------   C:\WINDOWS\EasyCash.ini
2008-02-21 23:28 . 2008-02-21 23:50   179         --a------   C:\WINDOWS\EasyCT.INI
2008-02-21 23:25 . 2008-02-21 23:50   <DIR>       d--------   C:\Programme\EasyCash&Tax
2008-02-18 08:25 . 2008-02-18 08:25   <DIR>       d--------   C:\Programme\SIW
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:51   ---------   d-----w   C:\Dokumente und Einstellungen\vorinstall\Anwendungsdaten\GPGrelay
2008-03-17 22:40   ---------   d-----w   C:\Programme\The Bat!
2008-03-17 22:37   ---------   d-----w   C:\Dokumente und Einstellungen\vorinstall\Anwendungsdaten\Spamihilator
2008-03-17 22:01   ---------   d-----w   C:\Dokumente und Einstellungen\vorinstall\Anwendungsdaten\The Bat!
2008-03-12 14:39   ---------   d-----w   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-03-12 13:56   ---------   d-----w   C:\Programme\Spybot - Search & Destroy
2008-03-11 23:27   ---------   d-----w   C:\Programme\StarMoney 6.0
2008-02-29 22:33   ---------   d-----w   C:\Programme\Nero
2008-02-29 18:24   ---------   d-----w   C:\Programme\Gemeinsame Dateien\Ahead
2008-02-29 16:33   ---------   d-----w   C:\Programme\DHTML Menu Builder
2008-02-27 17:23   ---------   d-----w   C:\Dokumente und Einstellungen\vorinstall\Anwendungsdaten\PhraseExpress
2008-02-27 17:18   ---------   d-----w   C:\Programme\PhraseExpress
2008-02-27 17:15   ---------   d-----w   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhraseExpress
2008-02-22 08:16   ---------   d-----w   C:\Programme\Gothic III
2008-02-22 08:15   ---------   d--h--w   C:\Programme\InstallShield Installation Information
2008-02-16 07:44   ---------   d-----w   C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-15 21:02   ---------   d-----w   C:\Programme\TuneUp Utilities 2008
2008-02-15 07:26   ---------   d-----w   C:\Programme\FRITZ!Box Monitor
2008-02-12 16:10   ---------   d-----w   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
2008-02-12 16:09   ---------   d-----w   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
2008-02-12 16:06   ---------   d-----w   C:\Programme\Pinnacle
2008-02-12 15:55   ---------   d-----w   C:\Dokumente und Einstellungen\vorinstall\Anwendungsdaten\InstallShield
2008-02-12 15:48   ---------   d-----w   C:\Programme\DivX
2008-02-12 15:23   ---------   d-----w   C:\Programme\SmartSound Software
2008-02-12 15:23   ---------   d-----w   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
2008-02-12 11:05   ---------   d-----w   C:\Programme\Tweak-XP Pro 4
2008-02-12 07:33   ---------   d-----w   C:\Programme\Tools&More
2008-02-10 07:47   ---------   d-----w   C:\Programme\ISCLIE
2008-01-27 14:26   ---------   d-----w   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
2008-01-27 14:25   ---------   d-----w   C:\Programme\Ulead Systems
2008-01-27 14:25   ---------   d-----w   C:\Programme\Gemeinsame Dateien\Ulead Systems
2008-01-25 16:44   ---------   d-----w   C:\Dokumente und Einstellungen\vorinstall\Anwendungsdaten\Canon
2008-01-23 17:17   ---------   d-----w   C:\Programme\Acoustica MP3 CD Burner
2008-01-23 17:01   ---------   d-----w   C:\Programme\audiograbber
2008-01-22 13:22   ---------   d-----w   C:\Programme\40tude Dialog
2008-01-19 16:10   ---------   d-----w   C:\Programme\eBay
2008-01-17 14:14   ---------   d-----w   C:\Dokumente und Einstellungen\vorinstall\Anwendungsdaten\Sibelius Software
2008-01-17 13:54   ---------   d-----w   C:\Programme\Sibelius Software
2007-11-30 23:25   30          -c--a-w   C:\Programme\Exiferupdate.ini
2007-04-09 19:49   130         ----a-w   C:\Dokumente und Einstellungen\All Users\pcwCleaner.REG
2006-11-02 14:29   111,616     ----a-w   C:\Dokumente und Einstellungen\vorinstall\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-08-03 10:23   457         ----a-w   C:\Programme\INSTALL.LOG
2006-06-20 08:40   604         ---ha-w   C:\Programme\STLL Notifier
2004-09-28 01:00   26,240      ----a-w   C:\WINDOWS\inf\RAMDSK.SYS
2001-11-23 20:08   712,704     ----a-w   C:\WINDOWS\inf\OTHER\audio3d.dll
2007-09-28 16:57   6,275,816   ----a-w   C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
2007-09-28 16:57   6,275,816   ----a-w   C:\Programme\opera\program\plugins\ScorchPDFWrapper.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B660087-931C-4056-A04F-0423890E40B6}]
2005-03-18 11:18   129536   --a------   C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D7990CB-1D01-4554-9EED-75BDC6406FC2}]
2008-03-16 16:35   221184   --a------   C:\WINDOWS\drnpfdxsfn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6D685611-B7A8-4B4C-A161-346390B5189C}"= "C:\PROGRA~1\zoneLINK\ICLIPR~1\ICLIPI~1.DLL" [2007-12-10 13:04 911360]

[HKEY_CLASSES_ROOT\clsid\{6d685611-b7a8-4b4c-a161-346390b5189c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6D685611-B7A8-4B4C-A161-346390B5189C}"= C:\PROGRA~1\zoneLINK\ICLIPR~1\ICLIPI~1.DLL [2007-12-10 13:04 911360]

[HKEY_CLASSES_ROOT\clsid\{6d685611-b7a8-4b4c-a161-346390b5189c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:50 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
"SystemTray"="SysTray.Exe" [2004-08-04 13:00 3072 C:\WINDOWS\system32\systray.exe]
"BDMCon"="C:\Programme\Softwin\BitDefender10\bdmcon.exe" [2007-04-17 12:51 290816]
"BDAgent"="C:\Programme\Softwin\BitDefender10\bdagent.exe" [2007-03-29 13:15 69632]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"TrueImageMonitor.exe"="C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe" [2005-11-16 16:05 1009806]
"Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2005-11-16 16:05 118784]
"PhraseExpress"="C:\Programme\PhraseExpress\PhraseExpress.exe" [2008-01-29 18:47 2550888]
"Spamihilator"="C:\Programme\Spamihilator\spamihilator.exe" [2007-08-17 16:24 716800]
"AVMFBoxMonitor"="C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe" [2007-05-08 02:00 1482752]
"SetDefPrt"="C:\Programme\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Programme\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-10-30 19:30 23552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"= {194AF025-DCD4-4E61-8BF8-9DC93EC69984} - C:\WINDOWS\bokpkov.dll [2008-03-16 16:35 221184]
"SrvDrv"= {baa8c74c-43b5-453b-ab33-285fa8b45603} - C:\WINDOWS\Installer\{baa8c74c-43b5-453b-ab33-285fa8b45603}\SrvDrv.dll [2008-03-16 23:33 18670]
"altvxvm"= {AAAA97F1-6629-4E11-BF49-D50A11462F8C} - C:\WINDOWS\altvxvm.dll [2008-03-16 16:35 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ   msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ISDNWatch.lnk]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NkvMon.exe.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package Menu.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package VCD Maker.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^vorinstall^Startmenü^Programme^Autostart^FAXRX.lnk]
path=C:\Dokumente und Einstellungen\vorinstall\Startmenü\Programme\Autostart\FAXRX.lnk
backup=C:\WINDOWS\pss\FAXRX.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^vorinstall^Startmenü^Programme^Autostart^PhraseExpress.lnk]
path=C:\Dokumente und Einstellungen\vorinstall\Startmenü\Programme\Autostart\PhraseExpress.lnk
backup=C:\WINDOWS\pss\PhraseExpress.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^vorinstall^Startmenü^Programme^Autostart^Windows Privacy Tray.lnk]
path=C:\Dokumente und Einstellungen\vorinstall\Startmenü\Programme\Autostart\Windows Privacy Tray.lnk
backup=C:\WINDOWS\pss\Windows Privacy Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-06-11 23:57 2321600 C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2006-06-19 13:51 233512 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMFBoxMonitor]
--a------ 2007-05-08 02:00 1482752 C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Echo Control]
--a------ 2001-12-05 16:47 147456 C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a--c--- 2002-01-29 01:16 1228800 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 C:\Programme\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2007-10-30 19:30 23552 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-07-28 22:05 277328 C:\Programme\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
--------- 2006-11-22 21:10 151552 C:\Programme\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Foxmail-Hotmail Proxy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
--a------ 2007-06-26 19:27 312320 C:\Programme\FreePDF_XP\fpassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:50 1289000 C:\PROGRA~1\MICROS~4\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-03-09 15:15 40960 C:\Programme\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\klickIdentPP.exe]
C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
--a------ 2007-05-31 16:17 3039232 C:\Programme\Ascentive\Performance Center\ApcMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
--a------ 2007-06-18 15:59 126976 C:\Programme\phonostar\ps_timer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
C:\Programme\Desktop Sidebar\dsidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypingSatellite]
--a------ 2005-01-11 09:47 761856 C:\Programme\TypingMaster\KBOOST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDesktop]
--a------ 2004-09-28 02:00 70144 C:\Programme\Tweak-XP Pro 4\virtuald.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
--a------ 2006-05-04 05:58 998912 C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XSubst]
--a------ 2007-07-07 13:21 245760 C:\Programme\XSubst\XSubst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
--a------ 2007-03-22 16:27 1818624 E:\Downloads\Yod'm3D\yodm3D\Yodm3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Sony Handheld\\HOTSYNC.EXE"=
"C:\\Programme\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Programme\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Media Player Classic\\mplayerc.exe"=
"E:\\Downloads\\Adobe Acrobat Reader\\utorrent.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Programme\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Programme\\PhraseExpress\\PhraseExpress.exe"=
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"= C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"= C:\Programme\Microsoft
ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"= C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
.
Contents of the "Scheduled Tasks" folder
"2008-03-14 16:51:41 C:\WINDOWS\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 00:50:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\bokpkov.dll
-> C:\WINDOWS\altvxvm.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\Tools&More\WinExit-Pro\winexit.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\FirefoxPreloader\FirefoxPreloader.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Programme\GPGrelay\GPGrelay.exe
C:\Programme\Sony Handheld\HOTSYNC.EXE
C:\Programme\Sony Handheld\USBSwt.exe
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
.
**************************************************************************
.
Completion time: 2008-03-18 0:59:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-17 23:59:46
.
2008-03-12 08:47:08 --- E O F ---
############################################
Can you actually make anything of all this information? Probably yes, since you will know what to look for. Many thanks in advance for your help! |
18.03.2008, 11:44 | #8 |
| Request for logfile analysis Hello
Information: delete antiviirus.exe / tmp0.exe
------------------------------------------------------------------------------------------
Temporarily disable Search & Destroy\TeaTimer.exe
1. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save as'. Select "All files" - Save
Code:
KILLALL::
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D7990CB-1D01-4554-9EED-75BDC6406FC2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"=-
"SrvDrv"=-
"altvxvm"=-
File::
C:\Programme\tmp1.exe
C:\Programme\tmp0.exe
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\drnpfdxsfn.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\Programme\antiviirus.exe
Folder::
C:\WINDOWS\Installer\{baa8c74c-43b5-453b-ab33-285fa8b45603}
Then drag cfscript.txt with the right mouse button onto the ComboFix icon.
Afterwards: run ComboFix once more, restart the PC, and post the new ComboFix log here for review.
---------------
2. Run SDFix (only works in Safe Mode)
SDFix
Post the report here
3. Scan, let everything that is found be removed, and post the report
Malwarebytes Anti-Malware
__________________ Kind regards, Sabina Last edited by Sabina (18.03.2008 at 11:52) |
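The indicators this thread turned on (two DLLs in C:\WINDOWS itself listed by ComboFix under explorer.exe, the ShellServiceObjectDelayLoad values the CFScript above clears, and "EnableFirewall"= 0 in the standard profile) can be pulled out of a ComboFix log mechanically. The Python script below is an added example for this page, not code from the thread, from ComboFix or from HijackThis. It runs over constructed log text that mirrors the posted logs (same names and paths); the exact line layout of the ShellServiceObjectDelayLoad section in ComboFix output is an assumption. It also shows the check a practitioner wants on the follow-up log: ComboFix re-lists everything it deleted under "Previous Run", so a naive search for the old names in the new log would report them as still present.

```python
"""Triage of ComboFix-style log text for the persistence indicators seen in this thread.

Added example, not part of the thread and not ComboFix's or HijackThis' own code.
The log text is constructed to mirror the posted logs; the SSODL line layout is assumed.
"""
import re
from typing import Dict, List, Optional

# Constructed "before" log: fragments modelled on the first ComboFix log in the thread.
SAMPLE_BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"= C:\WINDOWS\bokpkov.dll
"SrvDrv"= C:\WINDOWS\Installer\{baa8c74c-43b5-453b-ab33-285fa8b45603}\SrvDrv.dll
"altvxvm"= C:\WINDOWS\altvxvm.dll
"WebCheck"= C:\WINDOWS\system32\webcheck.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\bokpkov.dll
-> C:\WINDOWS\altvxvm.dll
"""

# Constructed "after" log: the re-run once the CFScript has removed the entries. ComboFix
# re-lists what it deleted under "Previous Run"; that block must not count as "still present".
SAMPLE_AFTER = r"""
---- Previous Run -------
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\Installer\{baa8c74c-43b5-453b-ab33-285fa8b45603}\SrvDrv.dll

(((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 ))))))))))))))))

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= C:\WINDOWS\system32\webcheck.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Names the CFScript in the thread targets; any of them surviving means the cleanup failed.
CF_TARGETS = ["bokpkov", "SrvDrv", "altvxvm", "drnpfdxsfn", "etlrlws", "fmsxwqs",
              "antiviirus.exe", "tmp0.exe", "tmp1.exe"]

# A DLL sitting directly in the Windows root (not System32) is unusual for shell extensions.
WINROOT_DLL = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')


def section_values(log: str, key_suffix: str) -> Dict[str, str]:
    """Value name -> raw data for the first [key] whose path ends with key_suffix."""
    values, inside = {}, False
    for line in log.splitlines():
        if line.startswith("["):
            inside = line.lower().rstrip("]").endswith(key_suffix.lower())
            continue
        m = VALUE_LINE.match(line) if inside else None
        if m:
            values[m.group(1)] = m.group(2)
    return values


def loaded_dlls(log: str) -> Dict[str, List[str]]:
    """Process image -> DLLs listed under it in the 'DLLs Loaded Under Running Processes' block."""
    result: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in log.splitlines():
        m = re.match(r"PROCESS:\s+(\S+)", line)
        if m:
            current = m.group(1)
            result[current] = []
        elif current and line.startswith("->"):
            result[current].append(line[2:].strip())
    return result


def triage(log: str) -> List[str]:
    """Human-readable findings for the indicators this thread turned on."""
    findings = []
    for name, path in section_values(log, "shellserviceobjectdelayload").items():
        if WINROOT_DLL.match(path) or r"\installer\{" in path.lower():
            findings.append(f'SSODL "{name}" loads {path} (non-standard location)')
    for proc, dlls in loaded_dlls(log).items():
        for dll in dlls:
            if WINROOT_DLL.match(dll):
                findings.append(f"{proc} has {dll} loaded from the Windows root")
    fw = section_values(log, "standardprofile").get("EnableFirewall")
    if fw is not None and fw.split()[0] == "0":
        findings.append("Windows Firewall is disabled (EnableFirewall=0)")
    appinit = section_values(log, r"currentversion\windows").get("AppInit_DLLs")
    if appinit:
        findings.append(f"AppInit_DLLs is set ({appinit}); confirm it belongs to an installed product")
    return findings


def drop_deletion_report(log: str) -> str:
    """Cut ComboFix's 'Previous Run' list (it ends at the next '(((' banner) from a follow-up log."""
    kept, skipping = [], False
    for line in log.splitlines():
        if "Previous Run" in line:
            skipping = True
            continue
        if skipping and line.startswith("((("):
            skipping = False
        if not skipping:
            kept.append(line)
    return "\n".join(kept)


def still_present(after_log: str, targets: List[str]) -> List[str]:
    """CFScript targets that still occur in the follow-up log outside the deletion list."""
    text = drop_deletion_report(after_log).lower()
    return [t for t in targets if t.lower() in text]


if __name__ == "__main__":
    for f in triage(SAMPLE_BEFORE):
        print("before:", f)
    print("survivors after cleanup:", still_present(SAMPLE_AFTER, CF_TARGETS))
    for f in triage(SAMPLE_AFTER):
        print("after:", f)
```

Run it as a script to print the findings, or import it and call triage() on the text of a real log. The AppInit_DLLs finding is deliberately worded as "confirm" rather than "malicious": the second log in this thread shows sockspy.dll in that value and nobody here attributed it, so the script only asks for it to be matched to an installed product. Note that the constructed "after" log still has the firewall disabled, just as the posted follow-up log does; the CFScript removed the loader entries but did not touch that setting.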
18.03.2008, 17:14 | #9 |
| Request for logfile analysis Hi Sabina!
Re 1: ComboFix with the cfscript modification:
ComboFix 08-03-17.1 - ************* 2008-03-18 16:42:15.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1431 [GMT 1:00]
Running from:: C:\Dokumente und Einstellungen\*************\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Dokumente und Einstellungen\*************\Desktop\Error Cleaner.url
C:\Dokumente und Einstellungen\*************\Desktop\Privacy Protector.url
C:\Dokumente und Einstellungen\*************\Desktop\Spyware&Malware Protection.url
C:\Dokumente und Einstellungen\*************\Favoriten\Error Cleaner.url
C:\Dokumente und Einstellungen\*************\Favoriten\Privacy Protector.url
C:\Dokumente und Einstellungen\*************\Favoriten\Spyware&Malware Protection.url
C:\Programme\antiviirus.exe
C:\Programme\tmp0.exe
C:\Programme\tmp1.exe
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxsfn.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\Installer\{baa8c74c-43b5-453b-ab33-285fa8b45603}
C:\WINDOWS\Installer\{baa8c74c-43b5-453b-ab33-285fa8b45603}\SrvDrv.dll
.
((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))
.
2008-03-18 01:45 . 2008-03-18 01:45 85 --a------ C:\WINDOWS\wininit.ini
2008-03-17 16:52 . 2008-03-17 18:37 <DIR> d-------- C:\Programme\HijckThis
2008-03-16 18:15 . 2008-03-16 18:15 <DIR> d-------- C:\Programme\SBSH
2008-03-15 21:50 . 2008-03-16 01:30 891 --a------ C:\WINDOWS\Edit.000
2008-03-15 09:41 . 2008-03-15 09:41 <DIR> d-------- C:\Programme\FlexMail
2008-03-15 00:12 . 2008-03-15 00:12 <DIR> d-------- C:\Programme\PocketTune
2008-03-13 18:39 . 2008-03-13 18:39 <DIR> d-------- C:\Programme\Windows Mobile-Ressourcen
2008-03-13 14:07 . 2008-03-13 14:07 <DIR> d-------- C:\WINDOWS\ASTULogTemp
2008-03-13 14:07 .
2008-03-13 14:07 71,097 --a------ C:\WINDOWS\system32\ASTULog.cab 2008-03-13 14:07 . 2008-03-13 14:07 1,050 --a------ C:\WINDOWS\system32\setup.inf 2008-03-13 14:07 . 2008-03-13 14:07 283 --a------ C:\WINDOWS\system32\setup.rpt 2008-03-12 14:53 . 2008-03-12 14:49 691,545 --a------ C:\WINDOWS\unins000.exe 2008-03-12 14:53 . 2008-03-12 14:53 2,551 --a------ C:\WINDOWS\unins000.dat 2008-03-03 19:27 . 2008-03-03 19:27 <DIR> d-------- C:\WINDOWS\Agenda Fusion for Pocket PC 2008-03-03 19:27 . 2008-03-03 19:27 <DIR> d-------- C:\Programme\Agenda Fusion for Pocket PC 2008-02-29 23:42 . 2008-02-29 23:42 <DIR> d-------- C:\Dokumente und Einstellungen\*************\Anwendungsdaten\Nero 2008-02-29 23:42 . 2008-02-29 23:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe 2008-02-29 23:41 . 2008-02-29 23:41 <DIR> d-------- C:\Programme\Gemeinsame Dateien\LightScribe 2008-02-29 23:33 . 2008-02-29 23:35 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nero 2008-02-29 23:33 . 2008-02-29 23:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2008-02-28 18:26 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys 2008-02-28 18:26 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys 2008-02-28 18:25 . 2008-03-16 18:09 <DIR> d-------- C:\Programme\Microsoft ActiveSync 2008-02-28 10:08 . 2008-02-28 10:08 90,112 --a------ C:\WINDOWS\system32\MBLINK.OCX 2008-02-28 10:07 . 2008-02-28 10:07 <DIR> d-------- C:\Programme\Net Concept 24 2008-02-21 23:50 . 2008-02-21 23:50 65 --a------ C:\WINDOWS\EasyCash.ini 2008-02-21 23:28 . 2008-02-21 23:50 179 --a------ C:\WINDOWS\EasyCT.INI 2008-02-21 23:25 . 2008-02-21 23:50 <DIR> d-------- C:\Programme\EasyCash&Tax 2008-02-18 08:25 . 2008-02-18 08:25 <DIR> d-------- C:\Programme\SIW . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-18 15:37 --------- d-----w C:\Dokumente und Einstellungen\*************\Anwendungsdaten\GPGrelay 2008-03-18 12:11 --------- d-----w C:\Programme\The Bat! 2008-03-18 12:08 --------- d-----w C:\Dokumente und Einstellungen\*************\Anwendungsdaten\Spamihilator 2008-03-18 12:03 --------- d-----w C:\Dokumente und Einstellungen\*************\Anwendungsdaten\The Bat! 2008-03-12 14:39 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2008-03-12 13:56 --------- d-----w C:\Programme\Spybot - Search & Destroy 2008-03-11 23:27 --------- d-----w C:\Programme\StarMoney 6.0 2008-02-29 22:33 --------- d-----w C:\Programme\Nero 2008-02-29 18:24 --------- d-----w C:\Programme\Gemeinsame Dateien\Ahead 2008-02-29 16:33 --------- d-----w C:\Programme\DHTML Menu Builder 2008-02-27 17:23 --------- d-----w C:\Dokumente und Einstellungen\*************\Anwendungsdaten\PhraseExpress 2008-02-27 17:18 --------- d-----w C:\Programme\PhraseExpress 2008-02-27 17:15 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhraseExpress 2008-02-22 08:16 --------- d-----w C:\Programme\Gothic III 2008-02-22 08:15 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-02-16 07:44 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-02-15 21:02 --------- d-----w C:\Programme\TuneUp Utilities 2008 2008-02-15 07:26 --------- d-----w C:\Programme\FRITZ!Box Monitor 2008-02-12 16:10 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio 2008-02-12 16:09 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle 2008-02-12 16:06 --------- d-----w C:\Programme\Pinnacle 2008-02-12 15:55 --------- d-----w C:\Dokumente und Einstellungen\*************\Anwendungsdaten\InstallShield 2008-02-12 15:48 --------- d-----w C:\Programme\DivX 2008-02-12 15:23 --------- d-----w C:\Programme\SmartSound Software 2008-02-12 15:23 --------- 
d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc 2008-02-12 11:05 --------- d-----w C:\Programme\Tweak-XP Pro 4 2008-02-12 07:33 --------- d-----w C:\Programme\Tools&More 2008-02-10 07:47 --------- d-----w C:\Programme\ISCLIE 2008-01-27 14:26 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems 2008-01-27 14:25 --------- d-----w C:\Programme\Ulead Systems 2008-01-27 14:25 --------- d-----w C:\Programme\Gemeinsame Dateien\Ulead Systems 2008-01-25 16:44 --------- d-----w C:\Dokumente und Einstellungen\*************\Anwendungsdaten\Canon 2008-01-23 17:17 --------- d-----w C:\Programme\Acoustica MP3 CD Burner 2008-01-23 17:01 --------- d-----w C:\Programme\audiograbber 2008-01-22 13:22 --------- d-----w C:\Programme\40tude Dialog 2008-01-19 16:10 --------- d-----w C:\Programme\eBay 2007-11-30 23:25 30 -c--a-w C:\Programme\Exiferupdate.ini 2007-04-09 19:49 130 ----a-w C:\Dokumente und Einstellungen\All Users\pcwCleaner.REG 2006-11-02 14:29 111,616 ----a-w C:\Dokumente und Einstellungen\*************\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2006-08-03 10:23 457 ----a-w C:\Programme\INSTALL.LOG 2006-06-20 08:40 604 ---ha-w C:\Programme\STLL Notifier 2007-09-28 16:57 6,275,816 ----a-w C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll 2007-09-28 16:57 6,275,816 ----a-w C:\Programme\opera\program\plugins\ScorchPDFWrapper.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-18_ 0.58.43.28 ))))))))))))))))))))))))))))))))))))))))) . - 2008-03-17 23:48:54 81,984 ----a-w C:\WINDOWS\system32\bdod.bin + 2008-03-18 15:47:50 81,984 ----a-w C:\WINDOWS\system32\bdod.bin . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B660087-931C-4056-A04F-0423890E40B6}] 2005-03-18 11:18 129536 --a------ C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6D685611-B7A8-4B4C-A161-346390B5189C}"= "C:\PROGRA~1\zoneLINK\ICLIPR~1\ICLIPI~1.DLL" [2007-12-10 13:04 911360] [HKEY_CLASSES_ROOT\clsid\{6d685611-b7a8-4b4c-a161-346390b5189c}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{6D685611-B7A8-4B4C-A161-346390B5189C}"= C:\PROGRA~1\zoneLINK\ICLIPR~1\ICLIPI~1.DLL [2007-12-10 13:04 911360] [HKEY_CLASSES_ROOT\clsid\{6d685611-b7a8-4b4c-a161-346390b5189c}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:50 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784] "SystemTray"="SysTray.Exe" [2004-08-04 13:00 3072 C:\WINDOWS\system32\systray.exe] "BDMCon"="C:\Programme\Softwin\BitDefender10\bdmcon.exe" [2007-04-17 12:51 290816] "BDAgent"="C:\Programme\Softwin\BitDefender10\bdagent.exe" [2007-03-29 13:15 69632] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632] "TrueImageMonitor.exe"="C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe" [2005-11-16 16:05 1009806] "Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2005-11-16 16:05 118784] "PhraseExpress"="C:\Programme\PhraseExpress\PhraseExpress.exe" [2008-01-29 18:47 2550888] "Spamihilator"="C:\Programme\Spamihilator\spamihilator.exe" [2007-08-17 16:24 716800] "AVMFBoxMonitor"="C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe" [2007-05-08 02:00 1482752] 
"SetDefPrt"="C:\Programme\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 09:16 49152] "ControlCenter2.0"="C:\Programme\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-10-30 19:30 23552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 relog_ap [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ISDNWatch.lnk] [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NkvMon.exe.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package Menu.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package VCD Maker.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk] [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^*************^Startmenü^Programme^Autostart^FAXRX.lnk] path=C:\Dokumente und Einstellungen\*************\Startmenü\Programme\Autostart\FAXRX.lnk backup=C:\WINDOWS\pss\FAXRX.lnkStartup [HKLM\~\startupfolder\C:^Dokumente und 
Einstellungen^*************^Startmenü^Programme^Autostart^PhraseExpress.lnk] path=C:\Dokumente und Einstellungen\*************\Startmenü\Programme\Autostart\PhraseExpress.lnk backup=C:\WINDOWS\pss\PhraseExpress.lnkStartup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^*************^Startmenü^Programme^Autostart^Windows Privacy Tray.lnk] path=C:\Dokumente und Einstellungen\*************\Startmenü\Programme\Autostart\Windows Privacy Tray.lnk backup=C:\WINDOWS\pss\Windows Privacy Tray.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2008-01-11 19:54 623992 C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] --a------ 2007-06-11 23:57 2321600 C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] --a------ 2006-06-19 13:51 233512 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMFBoxMonitor] --a------ 2007-05-08 02:00 1482752 C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Echo Control] --a------ 2001-12-05 16:47 147456 C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] --a--c--- 2002-01-29 01:16 1228800 C:\WINDOWS\mixer.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2005-05-19 14:47 57344 C:\Programme\SlySoft\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2007-10-30 19:30 23552 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] --a------ 2007-07-28 22:05 277328 C:\Programme\Eraser\eraser.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService] --------- 2006-11-22 21:10 151552 C:\Programme\CyberLink\PCM4Everio\EverioService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Foxmail-Hotmail Proxy] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant] --a------ 2007-06-26 19:27 312320 C:\Programme\FreePDF_XP\fpassist.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2006-11-13 13:50 1289000 C:\PROGRA~1\MICROS~4\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a------ 2004-03-09 15:15 40960 C:\Programme\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-09-26 14:42 267064 C:\Programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\klickIdentPP.exe] C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center] --a------ 2007-05-31 16:17 3039232 C:\Programme\Ascentive\Performance Center\ApcMain.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer] --a------ 2007-06-18 15:59 126976 C:\Programme\phonostar\ps_timer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR] C:\Programme\Desktop Sidebar\dsidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 11:43 2097488 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypingSatellite] --a------ 2005-01-11 09:47 761856 C:\Programme\TypingMaster\KBOOST.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDesktop] --a------ 2004-09-28 02:00 70144 C:\Programme\Tweak-XP Pro 4\virtuald.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe] --a------ 2006-05-04 05:58 998912 C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XSubst] --a------ 2007-07-07 13:21 245760 C:\Programme\XSubst\XSubst.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D] --a------ 2007-03-22 16:27 1818624 E:\Downloads\Yod'm3D\yodm3D\Yodm3D.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "CiSvc"=3 (0x3) "AntiVirService"=2 (0x2) "AntiVirScheduler"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay 
"nwiz"=nwiz.exe /install "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\Sony Handheld\\HOTSYNC.EXE"= "C:\\Programme\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "C:\\Programme\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"= "C:\\Programme\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\Media Player Classic\\mplayerc.exe"= "E:\\Downloads\\Adobe Acrobat Reader\\utorrent.exe"= "C:\\Programme\\iTunes\\iTunes.exe"= "C:\\Programme\\CyberLink\\PCM4Everio\\PCM4Everio.exe"= "C:\\Programme\\CyberLink\\PCM4Everio\\EverioService.exe"= "C:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"= "C:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"= "C:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"= "C:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"= "C:\\Programme\\PhraseExpress\\PhraseExpress.exe"= "C:\Programme\Microsoft ActiveSync\rapimgr.exe"= C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Programme\Microsoft ActiveSync\wcescomm.exe"= C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Programme\Microsoft ActiveSync\WCESMgr.exe"= C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2005-07-04 10:58] R0 TwkMs;CHIPDRIVE Maus Adapter;C:\WINDOWS\system32\drivers\TwkMs.sys [2003-04-30 01:14] R1 
avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2006-02-23 16:17] R1 ui11rdr;ui11rdr;C:\WINDOWS\system32\DRIVERS\ui11rdr.sys [2007-01-22 11:43] R1 uigxrdr;uigxrdr;C:\WINDOWS\system32\DRIVERS\uigxrdr.sys [2007-01-22 11:49] R2 TwkPCSC;CHIPDRIVE PC/SC Drivers;C:\WINDOWS\system32\drivers\TwkPCSC.sys [2003-04-30 01:14] R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2001-08-17 12:13] R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15] R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27] R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28] R3 gameport;512i digital PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-06-15 01:59] R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;C:\WINDOWS\system32\Drivers\hcw88rc5.sys [2005-03-15 22:36] R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2005-03-15 22:36] R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2005-03-15 22:36] R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2005-03-15 22:36] R3 wdm_fm801;512i digital PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-08-31 17:30] S3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;C:\WINDOWS\system32\DRIVERS\fpcibase.sys [2001-08-17 12:14] S3 iMSPQMn;iMSPQMn;C:\DOKUME~1\VORINS~1\LOKALE~1\Temp\iMSPQMn.sys [] S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS [2001-01-29 13:46] S3 TWKPNP;CHIPDRIVE Plug and Play driver;C:\WINDOWS\system32\DRIVERS\TWKPNP.SYS [2003-04-30 01:14] S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys [2006-07-28 17:28] S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\system32\drivers\usbkt1x1.sys [2006-07-28 17:28] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs 
UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" . Inhalt des "geplante Tasks" Ordners "2008-03-14 16:51:41 C:\WINDOWS\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2008\OneClick.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net Rootkit scan 2008-03-18 16:49:47 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\System32\SCardSvr.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\oodag.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\SCARDS32.EXE C:\Programme\Tools&More\WinExit-Pro\winexit.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\Programme\Softwin\BitDefender10\vsserv.exe . 
************************************************************************** . Zeit der Fertigstellung: 2008-03-18 16:56:55 - machine was rebooted [*************] ComboFix-quarantined-files.txt 2008-03-18 15:56:48 ComboFix2.txt 2008-03-17 23:59:57 . 2008-03-12 08:47:08 --- E O F --- ################################ Many thanks for your interest and your help! The rest follows. Ciao, Pfeife |
18.03.2008, 17:57 | #10 |
| Request for logfile analysis re 2: SDFix logfile SDFix: Version 1.158 Run by Administrator on 18.03.2008 at 17:34 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-18 17:43:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:e0818537 "s2"=dword:c2c562c6 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Programme\Alcohol Soft\Alcohol 120\" "h0"=dword:00000000 "ujdew"=hex:8f,b2,f1,2e,7d,14,a3,de,49,3c,c0,0a,a7,7c,6e,f6,71,be,32,ac,d2,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Programme\Alcohol Soft\Alcohol 120\" "h0"=dword:00000000 "ujdew"=hex:8f,b2,f1,2e,7d,14,a3,de,49,3c,c0,0a,a7,7c,6e,f6,71,be,32,ac,d2,.. scanning hidden registry entries ... 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System] "OODEFRAG06.00.00.01WORKSTATION"="[long hex value omitted]" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Sony Handheld\\HOTSYNC.EXE"="C:\\Programme\\Sony Handheld\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application" "C:\\Programme\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Programme\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabledreamweaver 8" "C:\\Programme\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Programme\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabledreamweaver MX 2004" "C:\\Programme\\Mozilla Firefox\\firefox.exe"="C:\\Programme\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Programme\\Media Player Classic\\mplayerc.exe"="C:\\Programme\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic" "E:\\Downloads\\Adobe Acrobat Reader\\utorrent.exe"="E:\\Downloads\\Adobe Acrobat Reader\\utorrent.exe:*:Enabled:µTorrent" "C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Programme\\CyberLink\\PCM4Everio\\PCM4Everio.exe"="C:\\Programme\\CyberLink\\PCM4Everio\\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio" "C:\\Programme\\CyberLink\\PCM4Everio\\EverioService.exe"="C:\\Programme\\CyberLink\\PCM4Everio\\EverioService.exe:*:Enabled:CyberLink PowerCinema 
NE for Everio Resident Program" "C:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"="C:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe:*:Enabled:Render Manager" "C:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"="C:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe:*:Enabled:Studio" "C:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"="C:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile" "C:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"="C:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe:*:Enabled:umi" "C:\\Programme\\PhraseExpress\\PhraseExpress.exe"="C:\\Programme\\PhraseExpress\\PhraseExpress.exe:*:Enabled:PhraseExpress" "C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Programme\\PhraseExpress\\phraseexpress.exe"="C:\\Programme\\PhraseExpress\\phraseexpress.exe:*:Enabled:PhraseExpress" "C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync 
Connection Manager" "C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 11 Mar 2008 210 A.SH. --- "C:\BOOT.BAK" Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" Thu 31 Aug 2006 4,348 ..SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak" Tue 11 Mar 2008 25,330 ...H. --- "C:\Programme\Ipswitch\WS_FTP Pro\wsftpgui.exe-CommandBars" Thu 25 Oct 2007 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp" Finished! |
18.03.2008, 17:58 | #11 |
| Request for logfile analysis 1. Right-click C:\WINDOWS\wininit.ini - open it with a text editor - post what it says. 2. Scan with Malwarebytes + post the report
__________________ Kind regards, Sabina |
18.03.2008, 18:02 | #12 |
| Request for logfile analysis C:\WINDOWS\wininit.ini:
[rename]
c:\tempjunk5495.tmp=C:\WINDOWS\etlrlws.dll_old
nul=c:\tempjunk5495.tmp |
18.03.2008, 18:11 | #13 |
| Request for logfile analysis Delete C:\WINDOWS\wininit.ini right away! + empty the recycle bin. Then post the scan log from Malwarebytes
__________________ Kind regards, Sabina |
18.03.2008, 18:35 | #14 |
| Request for logfile analysis Hi Sabina, wininit.ini is deleted and the recycle bin emptied. The malware program is scanning, that takes a while... (2 HDDs + external HDD). Ciao, Pfeife |
18.03.2008, 21:57 | #15 |
| Request for logfile analysis Malwarebytes says: Malwarebytes' Anti-Malware 1.08 Datenbank Version: 471 Scan Art: Komplett Scan (C:\|E:\|F:\|) Objekte gescannt: 413092 Scan Dauer: 3 hour(s), 8 minute(s), 34 second(s) Infizierte Speicher Prozesse: 0 Infizierte Speicher Module: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Datei Objekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicher Prozesse: (Keine Malware Objekte gefunden) Infizierte Speicher Module: (Keine Malware Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.bnqk (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> No action taken. Infizierte Registrierungswerte: (Keine Malware Objekte gefunden) Infizierte Datei Objekte der Registrierung: (Keine Malware Objekte gefunden) Infizierte Verzeichnisse: (Keine Malware Objekte gefunden) Infizierte Dateien: (Keine Malware Objekte gefunden) #################### It suggests deleting the two infected registry keys. Of course I agree to that. Was that already it? Many thanks for your hints and advice! Ciao, Pfeife |