Trojaner-Board - 10.exe ; F.exe ; ipwi32; ipug32 ???? Hilfe

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - 10.exe ; F.exe ; ipwi32; ipug32 ???? Hilfe (https://www.trojaner-board.de/24491-10-exe-f-exe-ipwi32-ipug32-hilfe.html)

10.exe ; F.exe ; ipwi32; ipug32 ???? Hilfe

Hi Leute hab mir glaub was eingefangen

meine startsite wurde durch einen about:blank ersetzt; in den favoriten sind neue einträge vorhanden und ca alle 5 min kommt ein fenster mit werbung von "only the best"

im task manager sind folgende Prozesse (vermutlich) neu aufgetaucht:
10.exe ; F.exe ; ipwi32 und ipug32

Bitte helft mir

Danke schon im Vorraus

Logfile of HijackThis v1.99.1
Scan saved at 18:30:52, on 13.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ipwi32.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Notebook Hardware Control\nhc.exe
D:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Programme\Mousometer\mousometer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Matze\Eigene Dateien\down\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {30A9ADD5-7E61-D29C-8F16-BC8A3DD7C359} - C:\WINDOWS\system32\apiik.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ipug32.exe] C:\WINDOWS\ipug32.exe
O4 - HKLM\..\Run: [F.tmp] C:\DOKUME~1\Matze\LOKALE~1\Temp\F.tmp.exe
O4 - HKLM\..\Run: [10.tmp] C:\DOKUME~1\Matze\LOKALE~1\Temp\10.tmp.exe
O4 - HKLM\..\Run: [F.tmp.exe] C:\DOKUME~1\Matze\LOKALE~1\Temp\F.tmp.exe
O4 - HKLM\..\Run: [10.tmp.exe] C:\DOKUME~1\Matze\LOKALE~1\Temp\10.tmp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Microsoft Office Outlook starten.lnk = C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Mousometer.lnk = C:\Programme\Mousometer\mousometer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {7288F092-0E1C-48D7-852C-D5718D4EC435} - http://w*w.medionshop.de/ (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://w*w.aldi.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c5.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipwi32.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Hallo,
mache mal eine Datenträgerbereinigung und fixe folgende Einträge im abgesicherten Modus:

C:\WINDOWS\ipwi32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iwtxp.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {30A9ADD5-7E61-D29C-8F16-BC8A3DD7C359} - C:\WINDOWS\system32\apiik.dll
O4 - HKLM\..\Run: [ipug32.exe] C:\WINDOWS\ipug32.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipwi32.exe

Poste anschließend ein neues Logfile.

Danke nochmals für die Antwort

hier die logfiel nach dem fixen:

(sollte ich nicht noch bei dem O4 die f.tmp.exe und die 10.tmp.exe fixen???)

Logfile of HijackThis v1.99.1
Scan saved at 19:45:27, on 13.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Notebook Hardware Control\nhc.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\Programme\DAEMON Tools\daemon.exe
C:\DOKUME~1\Matze\LOKALE~1\Temp\F.tmp.exe
C:\DOKUME~1\Matze\LOKALE~1\Temp\10.tmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Programme\Mousometer\mousometer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ipwi32.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ipug32.exe
C:\Dokumente und Einstellungen\Matze\Eigene Dateien\down\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lvsru.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lvsru.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lvsru.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lvsru.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lvsru.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lvsru.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lvsru.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {52DAA6E3-0093-211B-9CF5-449C088F3F18} - C:\WINDOWS\crpt32.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [F.tmp] C:\DOKUME~1\Matze\LOKALE~1\Temp\F.tmp.exe
O4 - HKLM\..\Run: [10.tmp] C:\DOKUME~1\Matze\LOKALE~1\Temp\10.tmp.exe
O4 - HKLM\..\Run: [F.tmp.exe] C:\DOKUME~1\Matze\LOKALE~1\Temp\F.tmp.exe
O4 - HKLM\..\Run: [10.tmp.exe] C:\DOKUME~1\Matze\LOKALE~1\Temp\10.tmp.exe
O4 - HKLM\..\Run: [ipug32.exe] C:\WINDOWS\ipug32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Microsoft Office Outlook starten.lnk = C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Mousometer.lnk = C:\Programme\Mousometer\mousometer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {7288F092-0E1C-48D7-852C-D5718D4EC435} - http://www.medionshop.de/ (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c5.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipwi32.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Oh ja doch die auch..
O4 - HKLM\..\Run: [F.tmp] C:\DOKUME~1\Matze\LOKALE~1\Temp\F.tmp.exe
O4 - HKLM\..\Run: [10.tmp] C:\DOKUME~1\Matze\LOKALE~1\Temp\10.tmp.exe
O4 - HKLM\..\Run: [F.tmp.exe] C:\DOKUME~1\Matze\LOKALE~1\Temp\F.tmp.exe
O4 - HKLM\..\Run: [10.tmp.exe] C:\DOKUME~1\Matze\LOKALE~1\Temp\10.tmp.exe

Tut mir leid habe ich übersehen ;)
Haste die Datenträgerbereinigung gemacht?

Und such mal nach dieser Datei und lösche sie.
C:\WINDOWS\ipug32.exe

Datenträgerbereinigung???

Bin ich dumm?
ich bin ja schon ziemlich lange am pc tätig aber das kenn ich nicht, was muss man denn da tun?
ich kenn nur defragmentieren und format c (was ich hoffe es nicht istdann sonst :snyper: )

Neee...kein formatieren ;)
Arbeitsplatz>rechtsklick auf c>eigenschaften>bereinigen

also bei mir kommt da kein bereinigen

aber ich denk es funktioniert jetzt auch so

danke für deine hilfe

Doch das müsste da stehen.

Wenn da noch irgendwas ärger macht melde dich nochmal.

@ GeneralMetzger

Führe zunächst bitte mal einen Escan durch und teile uns die Ergebnisse mit.

jo ich lad grad ma die software runter

also das problem besteht weiter

ich kann fixen wie ich will des zeug kommt immer wieder :headbang:

ich bin am verzweifeln

so hier meine ergebnisse vom MWAV:

ich hoffe ihr könnt was damit anfangen

Tue Dec 13 20:48:40 2005 => File C:\WINDOWS\system32\ntim.exe infected by "Trojan-Downloader.Win32.Agent.td" Virus! Action Taken: No Action Taken.

Tue Dec 13 20:48:43 2005 => File C:\WINDOWS\system32\ntwb32.dll infected by "Trojan-Downloader.Win32.WinShow.bg" Virus! Action Taken: No Action Taken.

Tue Dec 13 20:48:43 2005 => File C:\WINDOWS\system32\sdkmf32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.

Tue Dec 13 20:48:45 2005 => File C:\WINDOWS\system32\ntwb32.dll infected by "Trojan-Downloader.Win32.WinShow.bg" Virus! Action Taken: No Action Taken.

Tue Dec 13 20:48:51 2005 => File C:\WINDOWS\system32\ntim.exe infected by "Trojan-Downloader.Win32.Agent.td" Virus! Action Taken: No Action Taken.

Tue Dec 13 20:48:51 2005 => File C:\WINDOWS\system32\sdkmf32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({020b1227-417d-4682-9ac3-61f43cb5b6b1})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({125494b2-acad-414c-98b9-452f3ef7703a})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({3d00a39c-655b-428b-aeb2-2fba03dcc49c})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({408f660a-9465-44a3-b557-8709dfd992bc})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with cws.homesearch Browser Hijacker ({676575dd-4d46-911d-8037-9b10d6ee8bb5})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({8ee6bf73-b370-4d13-9126-eb0071178f2e})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({97f56e12-c706-4aeb-9ffb-133c05ee5d38})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({9bb7e700-4e48-476d-b75c-6f47606be988})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with bearshare Spyware/Adware ({9f95f736-0f62-4214-a4b4-caa6738d4c07})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with azesearch Browser Hijacker ({a19ef336-01d4-48e6-926a-fe7e1c747aed})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with azesearch Browser Hijacker ({ba048011-957f-4ba0-a804-62c28d96f878})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({cbcaca58-1aee-4600-8cf0-e8b30bff1535})! Action taken: No Action Taken.

Tue Dec 13 20:51:29 2005 => System found infected with antivirusgold Spyware/Adware ({d6d64cdf-0363-4261-b723-29a3af365e1d})! Action taken: No Action Taken.

Bitte verwende die Find.bat um die Ergebnisse zu posten. Ich befürchte nämlich, dass du hast bei der Anwendung einen Fehler gemacht hast...