Startseite wird auch nach Trojanerentfernung umgeleitet

huibuh · 30.09.2009, 19:24

Bitte um Hilfe
Habe mit Norman einen Trojaner entfernt (Program Files: Internet Saving Optimizer und Media Access Startup). Danach habe ich Adaware, cwschredder, Malewarebytes durchlaufen lassen, die haben nix gefunden. Habe CCleaner durchgeführt. Das Problem bleibt: öffne ich Mozilla oder Explorer wird die Startseite auf andere Seiten umgeleitet, die z.B. meinen Todestag berechnen wollen

Hier der aktuelle Logfile, wohlgemerkt mit geöffneten Browser, in der Hoffnung, dass da mehr sichtbar wird. Weiß jemand Rat?

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\system32\CLWatson.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\system32\CLWatson.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\CLWatson.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Picture Motion Browser Medien-Prüfung.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lexware Info Service.lnk = C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**p://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**p://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**p://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**p://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

kira · 30.09.2009, 19:44

Hallo und Herzlich Willkommen!

- Kannst du den Bericht von Norman mit den Malwarefunde hier posten?
- auch das Log v Malwarebytes

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:

1.
Es fehlt der Kopf des HijackThis-LogFiles mit den Informationen zur Aktualität des Systems.

Zitat:

Logfile of ....
Scan saved at ..........
Platform: ...................
MSIE: Internet Explorer ..............
Boot mode: Normal

► entweder ein neues Logfile bitte erstellen und posten oder den Teil hinzufügen! - - Keine offenen Fenster, solang bis HijackThis läuft!!

2.
ich brauche mehr `Übersicht` bzw Daten über einen längeren Zeitraum - dazu bitte Versteckte - und Systemdateien sichtbar machen::
→ Klicke unter Start auf Arbeitsplatz.
→ Klicke im Menü Extras auf Ordneroptionen.
→ Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden → Haken entfernen
→ Geschützte und Systemdateien ausblenden → Haken entfernen
→ Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen → Haken setzen.
→ Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein.

3.
Für XP und Win2000 (ansonsten auslassen)
→ lade Dir das filelist.zip auf deinen Desktop herunter
→ entpacke die Zip-Datei auf deinen Desktop
→ starte nun mit einem Doppelklick auf die Datei "filelist.bat" - Dein Editor (Textverarbeitungsprogramm) wird sich öffnen
→ kopiere aus die erzeugten Logfile alle 7 Verzeichnisse ("C\...") usw - aber nur die Einträge der letzten 6 Monate - hier in deinem Thread
** vor jedem Eintrag steht ein Datum, also Einträge, die älter als 6 Monate sind bitte herauslöschen!

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- "Show all" soll nicht angehakt sein! dann klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

oder bei File-Upload.net/kostenlos hochladen und den Link mir hier posten.

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du:[code]
hier kommt dein Logfile rein
→ dahinter:[/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

huibuh · 30.09.2009, 21:57

Danke für die schnelle Antwort, hat jetzt was gedauert, bis ich alles zusammen hatte. Also, den Bericht von Norman hab ich nicht mehr, war aber bis auf andere Ziffern, die ich nicht mehr weiß, ähnlich wie bei einer anderen Sache, die hier schon besprochen wurde. Die Dateien lauteten:
C:\Program Files\Internet Saving Optimizer\3.7.1.4???\NPIEAddOn.dll
C:\Program Files\Media Acess Startup\1.6.???\HPIEAddOn.dll
Diese habe ich mit Norman entfernt, danach zeigte mir Norman nichts mehr an und Malewarebytes auch nichts.
Hier nun der HijackThis Logfile, den ich nach meiner ersten Nachricht nochmal ohne offenes fenster erstellt habe. Jetzt auch vollständig, sorry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:59:22, on 13.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\system32\CLWatson.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\system32\CLWatson.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\CLWatson.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Picture Motion Browser Medien-Prüfung.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lexware Info Service.lnk = C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9886 bytes

huibuh · 30.09.2009, 21:59

Nun die Auswertung vom ccleaner:

Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 09.08.2008 14,0MB
Ad-Aware Lavasoft 29.09.2009 60,1MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 20.08.2009
Adobe Flash Player Plugin Adobe Systems Incorporated 09.08.2008
Adobe Reader 8.1.6 - Deutsch Adobe Systems Incorporated 01.07.2009
Adobe Shockwave Player 11 Adobe Systems, Inc. 09.08.2008 17,0MB
Apple Application Support Apple Inc. 19.09.2009 32,2MB
Apple Software Update Apple Inc. 07.12.2008 2,16MB
CCleaner (remove only) Piriform 29.09.2009 2,71MB
Compatibility Pack für 2007 Office System Microsoft Corporation 08.07.2009
CyberLink PowerDirector CyberLink Corp. 10.06.2008 216,2MB
CyberLink PowerProducer CyberLink Corp. 10.06.2008 299,9MB
Driver Updater Carambis 12.09.2009 5,58MB
GIMP 2.6.6 01.08.2009 85,0MB
Haufe iDesk-Browser Haufe 21.08.2008 16,0MB
Haufe iDesk-Service Haufe 21.08.2008 28,6MB
HijackThis 2.0.2 TrendMicro 12.02.2009 0,41MB
HP Customer Participation Program 8.0 HP 07.11.2008 236,7MB
HP Imaging Device Functions 8.0 HP 07.11.2008 1,54MB
HP OCR Software 8.0 HP 07.11.2008 1,53MB
HP Photosmart Essential HP 07.11.2008 10,2MB
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP 07.11.2008 75,8MB
HP Print Diagnostic Utility Hewlett-Packard 07.11.2008 0,63MB
HP Solution Center 8.0 HP 07.11.2008 1,53MB
HP Update Hewlett-Packard 01.12.2008 3,71MB
HPSSupply Ihr Firmenname 07.11.2008 0,96MB
Intel(R) Matrix Storage Manager 09.08.2008 8,16MB
Intel(R) Network Connections 13.0.42.0 Intel 25.05.2008 8,22MB
IrfanView (remove only) 06.06.2009 1,57MB
Java(TM) 6 Update 15 Sun Microsystems, Inc. 27.04.2009 94,5MB
Java(TM) 6 Update 6 Sun Microsystems, Inc. 26.05.2008 171,1MB
LeechFTP 25.05.2008
LetsTrade Komponenten 09.08.2008 19,3MB
Lexware faktura+auftrag plus 2007 Lexware 21.08.2008 92,9MB
Lexware know how warenwirtschaft haufe 21.08.2008 26,2MB
Logitech MouseWare 9.28 25.05.2008
Logitech-Handbuch 08.11.2008 1,54MB
MailStore Home 2.7.2.2033 deepinvent Software GmbH 31.10.2008 30,0MB
MakeDisc CyberLink Corp. 09.08.2008 102,1MB
Malwarebytes' Anti-Malware Malwarebytes Corporation 29.09.2009 3,99MB
MCE Software Encoder 1.1 CyberLink Corporation 09.08.2008 1,38MB
MediaShow CyberLink Corporation 09.08.2008 33,1MB
Microsoft .NET Framework 1.1 26.05.2008
Microsoft .NET Framework 1.1 Hotfix (KB929729) 26.05.2008
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 03.02.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 02.02.2009 37,0MB
Microsoft Office Home and Student 2007 Microsoft Corporation 08.07.2009 298,2MB
Microsoft Silverlight Microsoft Corporation 08.09.2009
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11.06.2008 2,38MB
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 26.05.2008 2,06MB
Motorola Software Update Motorola 12.09.2009 59,1MB
Mozilla Firefox (3.5.3) Mozilla 28.09.2009 25,6MB
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 25.05.2008 1,28MB
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 25.05.2008 1,28MB
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 10.11.2008 1,28MB
Nero 8 Essentials Nero AG 25.05.2008 1.835,1MB
Norman Virus Control Norman ASA 21.08.2008 70,8MB
NVIDIA Drivers 09.08.2008
PDF Blender 23.05.2009 1,28MB
PDFCreator Frank Heindörfer, Philip Chinery 23.05.2009 25,0MB
Phase 5 HTML-Editor Systemberatung Schommer 05.06.2009 3,62MB
PhotoNow! CyberLink Corp. 09.08.2008 1,60MB
PowerDVD PowerDVDCorp. 09.08.2008 85,2MB
QuickTime Apple Inc. 19.09.2009 76,5MB
RealPlayer RealNetworks 04.12.2008 45,0MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 25.05.2008 21,6MB
Sceneo AbsolutTV 09.08.2008 6,54MB
Sony Picture Utility Sony Corporation 29.11.2008 135,8MB
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 25.05.2008 67,5MB
TopStyle Lite (Version 3) 06.06.2009
TVsweeper 3 Sonavis 26.05.2008 16,1MB
Ulead PhotoImpact 12 Ulead System 09.08.2008 389,2MB
WinSCP 4.1.9 Martin Prikryl 11.09.2009 7,17MB
WISO Mein Geld 2008 Professional Buhl Data Service GmbH 26.05.2008 167,5MB
X10 Hardware(TM) 09.08.2008 28,00KB
XAMPP 1.7.1 31.07.2009 322,7MB

huibuh · 30.09.2009, 22:02

und hier die Auswertung von gmer:

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-30 22:54:07
Windows 6.0.6002 Service Pack 2
Running: 7tzpghmc.exe; Driver: C:\Users\Benzel\AppData\Local\Temp\uxryipow.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\Dwm.exe[1212] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[1212] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[1212] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Windows\system32\Dwm.exe[1212] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\Dwm.exe[1212] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\Dwm.exe[1212] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\Dwm.exe[1212] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\Dwm.exe[1212] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\Dwm.exe[1212] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\Dwm.exe[1212] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\taskeng.exe[1400] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[1400] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[1400] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Windows\system32\taskeng.exe[1400] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskeng.exe[1400] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\taskeng.exe[1400] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\taskeng.exe[1400] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\taskeng.exe[1400] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\taskeng.exe[1400] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\taskeng.exe[1400] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2088] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[2108] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Windows\RtHDVCpl.exe[2124] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Windows\RtHDVCpl.exe[2124] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Windows\RtHDVCpl.exe[2124] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Windows\RtHDVCpl.exe[2124] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Windows\RtHDVCpl.exe[2124] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Windows\RtHDVCpl.exe[2124] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Windows\RtHDVCpl.exe[2124] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Windows\RtHDVCpl.exe[2124] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\RtHDVCpl.exe[2124] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Windows\RtHDVCpl.exe[2124] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\rundll32.exe[2156] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2156] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[2156] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Windows\System32\rundll32.exe[2156] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\rundll32.exe[2156] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\rundll32.exe[2156] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\rundll32.exe[2156] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\rundll32.exe[2156] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\rundll32.exe[2156] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\rundll32.exe[2156] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2180] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2212] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2248] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2248] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2248] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Windows\system32\wbem\unsecapp.exe[2248] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2248] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2248] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2248] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2248] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2248] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\wbem\unsecapp.exe[2248] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Windows\ehome\ehtray.exe[2308] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2308] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[2308] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Windows\ehome\ehtray.exe[2308] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehtray.exe[2308] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Windows\ehome\ehtray.exe[2308] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Windows\ehome\ehtray.exe[2308] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehtray.exe[2308] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\ehome\ehtray.exe[2308] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Windows\ehome\ehtray.exe[2308] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2316] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] KERNEL32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe[2324] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[2336] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Windows\ehome\ehmsas.exe[2504] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[2504] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehmsas.exe[2504] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[2504] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text

huibuh · 30.09.2009, 22:03

und hier der letzte Teil von gmer:

C:\Windows\ehome\ehmsas.exe[2504] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Windows\ehome\ehmsas.exe[2504] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Windows\ehome\ehmsas.exe[2504] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehmsas.exe[2504] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\ehome\ehmsas.exe[2504] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Windows\ehome\ehmsas.exe[2504] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3584] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\mobsync.exe[3732] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\mobsync.exe[3732] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\mobsync.exe[3732] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Windows\System32\mobsync.exe[3732] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\mobsync.exe[3732] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\mobsync.exe[3732] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\mobsync.exe[3732] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\mobsync.exe[3732] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\mobsync.exe[3732] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\mobsync.exe[3732] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3844] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\conime.exe[4008] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\conime.exe[4008] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\conime.exe[4008] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Windows\system32\conime.exe[4008] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\conime.exe[4008] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\conime.exe[4008] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\conime.exe[4008] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\conime.exe[4008] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\conime.exe[4008] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\conime.exe[4008] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] kernel32.dll!LoadLibraryExW 761A9109 6 Bytes JMP 5F070F5A
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] WS2_32.dll!htons 76263010 6 Bytes JMP 5F040F5A
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] WS2_32.dll!WSAGetLastError + 2 76263037 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] WS2_32.dll!closesocket 7626330C 6 Bytes JMP 5F0D0F5A
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] WS2_32.dll!connect 762640D9 6 Bytes JMP 5F130F5A
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] WS2_32.dll!WSAEventSelect 76265BFA 6 Bytes JMP 5F1F0F5A
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] WS2_32.dll!WSAConnect 7626D7B0 6 Bytes JMP 5F190F5A
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] WS2_32.dll!WSAAsyncSelect 7627A17C 6 Bytes JMP 5F1C0F5A
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] WS2_32.dll!WSAAccept 7627BB56 6 Bytes JMP 5F160F5A
.text C:\Users\Benzel\Downloads\7tzpghmc.exe[5808] WS2_32.dll!accept 7627BDF6 6 Bytes JMP 5F100F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74557817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7455BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7454F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7454E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74588395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7455DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7454FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7454FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7457C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7454D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74546853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7454687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74552AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d! 19583823

---- EOF - GMER 1.0.15 ----

Habe da noch 2 Infos als Desktop.ini, die nun folgen, weiß damit gar nichts anzufangen:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Launch Internet Explorer Browser.lnk=@%windir%\System32\ie4uinit.exe,-733

Also ich blick da nicht mehr durch. Meine Hochachtung schon jetzt.

kira · 01.10.2009, 18:25

hi

Punkt 3. kommt noch?--> http://www.trojaner-board.de/77940-startseite-wird-auch-nach-trojanerentfernung-umgeleitet.html#post469571

huibuh · 01.10.2009, 20:36

hi,
sorry, hab ich übersehen, habe ich gerade versucht, filelist sagt mir, er kann filelist.txt nicht finden und fragt, ob ich eine neue Datei erstellen möchte, aber wie?

huibuh · 01.10.2009, 20:53

Wer lesen kann ist klar im Vorteil. Ich hab Vista drauf, daher hatte ich den Punkt 3 wohl auch ausgelassen.

kira · 01.10.2009, 20:53

ich auch sorry..mein Fehle, weil ja Du Vista hast

- Lade dir RSIT - http://filepony.de/download-rsit/:
- an einen Ort deiner Wahl und führe die rsit.exe aus
- wird "Hijackthis" auch von RSIT installiert und ausgeführt
- RSIT erstellt 2 Logfiles (C:\rsit\log.txt und C:\rsit\info.txt) mit erweiterten Infos von deinem System - diese beide bitte komplett hier posten
**Kannst Du das Log in Textdatei speichern und hier anhängen (auf "Erweitert" klicken)

huibuh · 01.10.2009, 21:19

Alles klar, hier der RSIT logfile:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Benzel at 2009-10-01 22:16:04
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 359 GB (79%) free of 456 GB
Total RAM: 3069 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:12, on 01.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\conime.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Benzel\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\Benzel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Picture Motion Browser Medien-Prüfung.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lexware Info Service.lnk = C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8869 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"TVBroadcast"=C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [2008-04-11 937984]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-07 6139904]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-02 92704]
"toolbar_eula_launcher"=C:\Program Files\GoogleEULA\EULALauncher.exe [2007-02-09 16896]
"Norman ZANDA"=C:\Program Files\Norman\Npm\bin\ZLH.EXE [2008-06-02 273520]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-04-10 34816]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-05 185872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"mumservice"=C:\Program Files\Motorola\Software Update\mumservice.exe [2009-08-19 1070336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
" Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Driver Updater"= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lexware Info Service.lnk - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe

C:\Users\Benzel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Picture Motion Browser Medien-Prüfung.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eff17f86-5a92-11de-8166-0021850bfb0d}]
shell\AutoRun\command - J:\StartPortableApps.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-10-01 22:16:04 ----D---- C:\rsit
2009-09-30 19:52:46 ----A---- C:\Windows\system32\lsdelete.exe
2009-09-30 19:16:47 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-30 19:14:58 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-30 19:14:45 ----D---- C:\ProgramData\Lavasoft
2009-09-30 19:14:45 ----D---- C:\Program Files\Lavasoft
2009-09-30 18:24:48 ----D---- C:\Program Files\CCleaner
2009-09-30 14:38:23 ----D---- C:\Windows\Minidump
2009-09-30 13:10:29 ----D---- C:\Users\Benzel\AppData\Roaming\Malwarebytes
2009-09-30 13:10:22 ----D---- C:\ProgramData\Malwarebytes
2009-09-30 13:10:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-30 12:29:42 ----A---- C:\avenger.txt
2009-09-29 09:24:59 ----D---- C:\Program Files\Mozilla Firefox
2009-09-20 18:09:15 ----HDC---- C:\ProgramData\{1C2F1992-4FF2-41CD-AF9F-DFF55F65212E}
2009-09-20 16:04:46 ----D---- C:\ProgramData\Apple Computer
2009-09-20 16:04:46 ----D---- C:\Program Files\QuickTime
2009-09-13 02:01:16 ----D---- C:\Program Files\Common Files\MSSoap
2009-09-13 02:01:15 ----D---- C:\Program Files\Motorola
2009-09-13 02:01:15 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-09-13 01:48:09 ----D---- C:\Program Files\Carambis
2009-09-12 16:35:27 ----A---- C:\DBS.TXT
2009-09-12 16:33:57 ----A---- C:\Windows\system32\Mfc42loc.dll
2009-09-12 16:33:47 ----D---- C:\ProgramData\BVRP Software
2009-09-12 09:01:50 ----D---- C:\Program Files\WinSCP
2009-09-09 13:36:34 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 13:36:30 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 13:36:29 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 13:36:29 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 13:36:29 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 13:36:29 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 13:36:29 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 13:36:29 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 13:36:29 ----A---- C:\Windows\system32\finger.exe
2009-09-09 13:36:29 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 13:36:17 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 13:36:17 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 13:36:17 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 13:36:17 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 13:36:17 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 13:36:14 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 13:36:14 ----A---- C:\Windows\system32\mf.dll
2009-09-02 22:14:07 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 22:14:07 ----A---- C:\Windows\system32\Apphlpdm.dll

======List of files/folders modified in the last 1 months======

2009-10-01 22:16:12 ----D---- C:\Windows\Prefetch
2009-10-01 22:16:07 ----D---- C:\Windows\Temp
2009-10-01 22:16:05 ----D---- C:\Program Files\HijackThis
2009-10-01 21:29:13 ----D---- C:\Windows\System32
2009-10-01 21:29:13 ----D---- C:\Windows\inf
2009-10-01 21:29:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-01 18:47:50 ----D---- C:\Windows\system32\drivers
2009-10-01 18:47:23 ----D---- C:\Program Files\Norman
2009-09-30 19:16:55 ----D---- C:\Windows\Tasks
2009-09-30 19:16:55 ----D---- C:\Windows\system32\Tasks
2009-09-30 19:16:47 ----D---- C:\Windows\system32\catroot
2009-09-30 19:14:58 ----SHD---- C:\Windows\Installer
2009-09-30 19:14:58 ----HD---- C:\ProgramData
2009-09-30 19:14:58 ----HD---- C:\Config.Msi
2009-09-30 19:14:45 ----RD---- C:\Program Files
2009-09-30 19:14:43 ----D---- C:\Windows\winsxs
2009-09-30 18:28:11 ----D---- C:\Windows\Debug
2009-09-30 18:28:11 ----D---- C:\Windows
2009-09-30 12:59:22 ----D---- C:\Windows\system32\catroot2
2009-09-30 11:50:26 ----SD---- C:\ProgramData\Microsoft
2009-09-30 10:05:28 ----SHD---- C:\System Volume Information
2009-09-30 09:53:46 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-30 09:51:34 ----RSD---- C:\Windows\Fonts
2009-09-30 09:51:34 ----D---- C:\Program Files\HomeCinema
2009-09-29 09:25:33 ----D---- C:\Users\Benzel\AppData\Roaming\Mozilla
2009-09-20 16:04:37 ----D---- C:\Program Files\Common Files\Apple
2009-09-13 11:23:44 ----D---- C:\Program Files\phase5
2009-09-13 02:01:16 ----D---- C:\Program Files\Common Files
2009-09-09 16:20:53 ----D---- C:\Windows\rescache
2009-09-09 16:04:13 ----D---- C:\Windows\system32\de-DE
2009-09-09 15:17:41 ----D---- C:\Program Files\Windows Mail
2009-09-09 15:17:30 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 15:17:06 ----D---- C:\Windows\ehome
2009-09-06 11:25:28 ----D---- C:\xampp
2009-09-02 22:15:17 ----D---- C:\Windows\AppPatch

huibuh · 01.10.2009, 21:21

hier der zweite Teil:

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 NGS;Norman General Security Driver; \??\c:\program files\norman\nvc\bin\ngs.sys [2009-02-11 22712]
R2 Ndiskio;Ndiskio; \??\C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R3 3xHybrid;Philips SAA713x PCI Card; C:\Windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-02-06 218752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-07 2134424]
R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-01-22 19512]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-02 7460320]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 vsdatant;vsdatant; \??\C:\Windows\system32\vsdatant.sys [2005-11-15 372816]
S3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\Bin\eLogsvc.exe [2007-08-30 150584]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-30 1028432]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2008-04-23 408696]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-02 118784]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-06-03 237638]
R2 srvcPVR;Sceneo PVR Service; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2008-02-28 1801216]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [2009-08-26 264592]
R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\nse\bin\NSESVC.EXE [2009-05-19 310328]
R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2009-03-06 183352]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 HRService;Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [2006-10-23 71072]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

kira · 01.10.2009, 21:30

hi

1.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

2.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

3.
Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online - Scanner - wähle "Arbeitsplatz" aus:
Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- speichere die Ergebnis als *.txt Datei und poste das Logfile des Scans

huibuh · 01.10.2009, 23:46

Hi,
also... puuh...geschafft... Super Antispyware hat nix gefunden, doch als ich während des Scans auf den Rechner geschaut habe, wurde gerade in dem Moment "Internet Saving Optimizer" gescannt, da es so schnell ging konnte ich die Zifferendungen nicht sehen und nur noch erkennen, dass die Datei dieses mal nicht unter C:\Program Files war, sondern unter C:\User. Ich verstehe das nicht, hatte diese Datei über Norman doch entfernt. Habe dann nochmal alles manuell C:\ User durchgeschaut und festgestellt, dass der Ordner Internetfavoriten an dem Tag geändert wurde, als der Trojaner sich eingeschlichen hat. Bei Durchsicht des Ordners habe ich aber keine Datei gefunden, die an dem Tag erstellt oder geändert wurde.

Kaspary Auswertung folgt noch.

kira · 02.10.2009, 20:41

Ok ich warte

01.10.2009, 18:25	#7
kira /// Helfer-Team	Startseite wird auch nach Trojanerentfernung umgeleitet hi Punkt 3. kommt noch?--> http://www.trojaner-board.de/77940-startseite-wird-auch-nach-trojanerentfernung-umgeleitet.html#post469571

02.10.2009, 20:41	#15
kira /// Helfer-Team	Startseite wird auch nach Trojanerentfernung umgeleitet Ok ich warte

Startseite wird auch nach Trojanerentfernung umgeleitet

Log-Analyse und Auswertung: Startseite wird auch nach Trojanerentfernung umgeleitet