Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   was eingefangen - Protection Center (https://www.trojaner-board.de/75308-eingefangen-protection-center.html)

csae8815 15.07.2009 16:22
was eingefangen - Protection Center
 
hallo liebe experten,
ich hab mir heute was eingefangen und mein laptop spielt verrückt.

leider ist auch die google suche beeinträchtigt- sonst hätt ich mich da schon versucht schlauer zu machen.

es kommt auch ständig pop ups von protection center- das hab ich aber nie installiert- bzw. hilft deinstallieren nichts..

ich hab mal ein hijack file angefertigt und hänge es hier dran:
Vielen vielen Dank, falls jemand mir da tipps geben kann, was ich weiter tun soll.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:49, on 15.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\HP\TVPlay\TVPService.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.BIN
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Programme\CA\eTrust Antivirus\InocIT.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Programme\Protection System\psystem.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\service.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web-mail2.uibk.ac.at/horde/imp/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\system32\wingenocx.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programme\ContextTool\ContextTool-3.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TVPService] "C:\Programme\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NapsterShell] C:\Programme\Napster\napster.exe /systray
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Protection System] C:\Programme\Protection System\psystem.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate1ca01331e46f1ea) (gupdate1ca01331e46f1ea) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOKUME~1\Sebi\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe

--
End of file - 13418 bytes


VIELEN DANK!

kira 15.07.2009 23:35
Hallo csae8815:)

Dein Log sieht überhaupt nicht gut aus:o
die wirksame Alternative wäre: Windows komplett neu zu installieren
Falls Du dein System reinigen möchtest: 100%ige Garantie gibt`s nicht, ob es uns vollständig gelingt...

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:

1.
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert)
    - mit "Ok" wird Gmer beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

2.
ich brauche mehr `Übersicht` bzw Daten über einen längeren Zeitraum - dazu bitte Versteckte - und Systemdateien sichtbar machen::
→ Klicke unter Start auf Arbeitsplatz.
→ Klicke im Menü Extras auf Ordneroptionen.
→ Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden → Haken entfernen
→ Geschützte und Systemdateien ausblenden → Haken entfernen
→ Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen → Haken setzen.
→ Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein.

3.
Für XP und Win2000 (ansonsten auslassen)
→ lade Dir das filelist.zip auf deinen Desktop herunter
→ entpacke die Zip-Datei auf deinen Desktop
→ starte nun mit einem Doppelklick auf die Datei "filelist.bat" - Dein Editor (Textverarbeitungsprogramm) wird sich öffnen
→ kopiere aus die erzeugten Logfile alle 7 Verzeichnisse ("C\...") usw - aber nur die Einträge der letzten 6 Monate - hier in deinem Thread
** vor jedem Eintrag steht ein Datum, also Einträge, die älter als 6 Monate sind bitte herauslöschen!

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool ccleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein log schreibst du:[code]
hier kommt dein logfile rein
→ dahinter:[/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

csae8815 16.07.2009 12:50
DANKE für deine Antwort und Hilfestellung!

anbei der log von gmer:


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 13:47:30
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 864B1098 ZwEnumerateKey
Code 864B0098 ZwFlushInstructionCache
Code 864B30A6 IofCallDriver
Code 864BF0D6 IofCompleteRequest
Code 864AF0D5 ZwSaveKey
Code 864AF09D ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE136 5 Bytes JMP 864B30AB
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C6 5 Bytes JMP 864BF0DB
.text ntkrnlpa.exe!ZwSaveKey 804FED94 5 Bytes JMP 864AF0DA
.text ntkrnlpa.exe!ZwSaveKeyEx 804FEDA8 5 Bytes JMP 864AF0A2
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABA9C 3 Bytes JMP 864B009C
PAGE ntkrnlpa.exe!ZwFlushInstructionCache + 4 805ABAA0 1 Byte [05]
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061A6B6 5 Bytes JMP 864B109C

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00D8000A
.text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\net1.exe[240] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\net1.exe[240] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\wscsvc32.exe[292] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00EE000A
.text C:\WINDOWS\system32\wscsvc32.exe[292] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\service.exe[360] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\service.exe[360] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DE000A
.text C:\WINDOWS\system32\spoolsv.exe[600] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\spoolsv.exe[600] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[652] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[652] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00B9000A
.text C:\WINDOWS\System32\SCardSvr.exe[672] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\SCardSvr.exe[672] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00A9000A
.text C:\Programme\CA\eTrust Antivirus\InoRpc.exe[700] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00FC000A
.text C:\Programme\CA\eTrust Antivirus\InoRpc.exe[700] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00FD000A
.text C:\Programme\CA\eTrust Antivirus\InoRT.exe[780] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 011F000A
.text C:\Programme\CA\eTrust Antivirus\InoRT.exe[780] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 0120000A
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[816] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00B3000A
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[816] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00B4000A
.text C:\Programme\Bonjour\mDNSResponder.exe[832] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00B7000A
.text C:\Programme\Bonjour\mDNSResponder.exe[832] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00B8000A
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[868] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00B5000A
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[868] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00B6000A
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[900] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00FB000A
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[900] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00FC000A
.text C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe[928] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 010B000A
.text C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe[928] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 010C000A
.text C:\Programme\Java\jre6\bin\jqs.exe[1048] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00B4000A
.text C:\Programme\Java\jre6\bin\jqs.exe[1048] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00B5000A
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1164] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00B4000A
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1164] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00B5000A
.text C:\WINDOWS\system32\winlogon.exe[1228] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\winlogon.exe[1228] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 008F000A
.text C:\WINDOWS\system32\services.exe[1276] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\services.exe[1276] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\lsass.exe[1288] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\lsass.exe[1288] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00AB000A
.text C:\Programme\CA\eTrust Antivirus\InoTask.exe[1388] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 0155000A
.text C:\Programme\CA\eTrust Antivirus\InoTask.exe[1388] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 0156000A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[1396] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00E0000A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[1396] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DF000A
.text C:\Dokumente und Einstellungen\Sebi\Desktop\y9pwqpiu.exe[1536] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00E4000A
.text C:\Dokumente und Einstellungen\Sebi\Desktop\y9pwqpiu.exe[1536] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E5000A
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[1600] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DF000A
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[1600] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E0000A
.text C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe[1948] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DC000A
.text C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe[1948] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1984] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1984] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DF000A
.text C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2068] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00B3000A
.text C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[2068] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00B4000A
.text C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe[2144] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00D9000A
.text C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe[2144] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2456] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2456] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00BB000A
.text C:\Programme\Java\jre6\bin\jusched.exe[2476] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DE000A
.text C:\Programme\Java\jre6\bin\jusched.exe[2476] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DF000A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2540] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00EE000A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2540] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00EF000A
.text C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe[2600] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00C6000A
.text C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe[2600] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00C7000A
.text C:\WINDOWS\System32\alg.exe[2656] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\alg.exe[2656] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00A9000A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2856] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00E1000A
.text C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2856] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E2000A
.text C:\Programme\HP\TVPlay\TVPService.exe[2868] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00E6000A
.text C:\Programme\HP\TVPlay\TVPService.exe[2868] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E7000A
.text C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE[2876] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00F4000A
.text C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE[2876] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00F5000A
.text C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE[2892] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DD000A
.text C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE[2892] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DE000A
.text C:\PROGRA~1\CA\ETRUST~1\realmon.exe[2908] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 013E000A
.text C:\PROGRA~1\CA\ETRUST~1\realmon.exe[2908] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 013F000A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2916] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DB000A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2916] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DC000A
.text C:\Programme\Hp\HP Software Update\HPWuSchd2.exe[2948] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DB000A
.text C:\Programme\Hp\HP Software Update\HPWuSchd2.exe[2948] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DC000A
.text C:\Programme\FreePDF_XP\fpassist.exe[2956] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00E2000A
.text C:\Programme\FreePDF_XP\fpassist.exe[2956] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E3000A
.text C:\Programme\iTunes\iTunesHelper.exe[2976] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DD000A
.text C:\Programme\iTunes\iTunesHelper.exe[2976] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DE000A
.text C:\WINDOWS\system32\ctfmon.exe[3028] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\ctfmon.exe[3028] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00D2000A
.text C:\Programme\Messenger\msmsgs.exe[3036] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00CB000A
.text C:\Programme\Messenger\msmsgs.exe[3036] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00CC000A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3104] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00DA000A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3104] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DB000A
.text C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE[3192] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00D9000A
.text C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE[3192] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00DA000A
.text C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe[3208] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 011C000A
.text C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe[3208] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 011D000A
.text C:\Programme\Protection System\psystem.exe[3240] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 012D000A
.text C:\Programme\Protection System\psystem.exe[3240] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 012E000A
.text C:\WINDOWS\system32\wuauclt.exe[3428] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\wuauclt.exe[3428] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00D1000A
.text C:\Programme\iPod\bin\iPodService.exe[3456] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00B9000A
.text C:\Programme\iPod\bin\iPodService.exe[3456] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00BA000A
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[3504] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00F9000A
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[3504] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00FA000A
.text C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe[3560] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00E6000A
.text C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe[3560] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E7000A
.text C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe[3588] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00E0000A
.text C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe[3588] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E1000A
.text C:\Programme\OpenOffice.org 2.4\program\soffice.exe[3764] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00FE000A
.text C:\Programme\OpenOffice.org 2.4\program\soffice.exe[3764] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00FF000A
.text C:\Programme\OpenOffice.org 2.4\program\soffice.BIN[3788] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 02B3000A
.text C:\Programme\OpenOffice.org 2.4\program\soffice.BIN[3788] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 02B4000A
.text C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe[3868] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00E4000A
.text C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe[3868] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E5000A
.text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3944] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00E4000A
.text C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3944] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00E5000A
.text C:\WINDOWS\system32\net.exe[4016] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\net.exe[4016] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 00D1000A

csae8815 16.07.2009 12:51
TEIL 2



---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net/Computer Associates)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \FileSystem\Fastfat \Fat ino_fltr.sys (CA eTrust Antivirus/InoculateIT File System Filter Driver for Windows 2000/XP/2003/Computer Associates)
AttachedDevice \FileSystem\Fastfat \Fat ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net/Computer Associates)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACiomubwftabgopsmvk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1512] 0x02F40000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

csae8815 16.07.2009 13:02
FILE LIST:

Code:
----- Root -----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\

16.07.2009  13:56                43 filelist.txt
16.07.2009  12:41            2.298 hpqp.ini
16.07.2009  12:41                40 XP_TV.ini
16.07.2009  12:40    1.071.894.528 hiberfil.sys
16.07.2009  12:40    1.610.612.736 pagefile.sys
13.07.2009  10:27            35.669 hpfr5600.log
09.03.2009  15:59        15.832.365 mp4-video-converter-softonic_5.1.2.1[1]

----- Windows --------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS

16.07.2009  13:36        1.430.590 WindowsUpdate.log
16.07.2009  12:41                0 0.log
16.07.2009  12:41                50 wiaservc.log
16.07.2009  12:41              157 wiadebug.log
16.07.2009  12:40            2.048 bootstat.dat
16.07.2009  12:39            32.496 SchedLgU.Txt
15.07.2009  21:43            2.997 iis6.log
15.07.2009  21:43            3.741 ntdtcsetup.log
15.07.2009  21:43            6.178 comsetup.log
15.07.2009  21:43            7.077 tsoc.log
15.07.2009  21:43            1.026 ocmsn.log
15.07.2009  21:43            1.374 imsins.log
15.07.2009  21:43            7.013 KB973346.log
15.07.2009  21:43              927 msgsocm.log
15.07.2009  21:43            8.748 ocgen.log
15.07.2009  21:43            18.550 FaxSetup.log
15.07.2009  21:43            4.485 setupapi.log
15.07.2009  21:43            1.374 imsins.BAK
15.07.2009  21:43            8.880 KB971633.log
15.07.2009  21:43            9.440 KB961371.log
15.07.2009  21:43                0 setuperr.log
15.07.2009  21:43                0 setupact.log
17.06.2009  20:20              134 Eztoo Video To iPod Converter.ini
28.05.2009  16:19            3.488 messer.ini
10.03.2009  10:33              118 pro Eztoo Video To iPod Converter.ini
09.03.2009  15:52          115.054 GXTranscoder v2 Uninstaller.exe
17.01.2009  20:47          237.613 hpdj5600.his
17.01.2009  20:47            11.126 hpdj5600.ini

----- System  ---
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\system

*nichts*

----- System 32 (Achtung: Zeitfenster beachten!) ---
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\system32

15.07.2009  15:50            31.232 wingenocx.dll
15.07.2009  14:06          761.344 wscsvc32.exe
15.07.2009  14:06          257.536 resdll.dll
30.06.2009  13:55                16 servdat.slm
30.06.2009  13:55                14 ssprs.tgz
30.06.2009  13:55              219 lsprst7.tgz
30.06.2009  13:55              205 lsprst7.dll
20.06.2009  10:50            1.158 wpa.dbl
17.06.2009  20:20                1 Eztoo Video To iPod Converter.dat
16.06.2009  16:53            82.432 fontsub.dll
16.06.2009  16:53          119.808 t2embed.dll
12.06.2009  08:27          390.384 FNTCACHE.DAT
05.06.2009  11:42        2.060.288 usbaaplrc.dll
03.06.2009  21:26        1.296.384 quartz.dll
26.05.2009  17:18            90.112 QuickTimeVR.qtx
26.05.2009  17:18            57.344 QuickTime.qts
08.05.2009  22:47          426.312 perfh007.dat
08.05.2009  22:47          410.186 perfh009.dat
08.05.2009  22:47            65.326 perfc009.dat
08.05.2009  22:47            78.940 perfc007.dat
08.05.2009  22:47          992.090 PerfStringBackup.INI
07.05.2009  17:42          346.624 localspl.dll
29.04.2009  06:42          827.392 wininet.dll
29.04.2009  06:42          233.472 webcheck.dll
29.04.2009  06:42        1.159.680 urlmon.dll
29.04.2009  06:42            44.544 pngfilt.dll
29.04.2009  06:42          105.984 url.dll
29.04.2009  06:42          102.912 occache.dll
29.04.2009  06:42          671.232 mstime.dll
29.04.2009  06:42          477.696 mshtmled.dll
29.04.2009  06:42          193.024 msrating.dll
29.04.2009  06:42        3.596.288 mshtml.dll
29.04.2009  06:42          459.264 msfeeds.dll
29.04.2009  06:42            52.224 msfeedsbs.dll
29.04.2009  06:42        1.830.912 inetcpl.cpl
29.04.2009  06:42            27.648 jsproxy.dll
29.04.2009  06:41          268.288 iertutil.dll
29.04.2009  06:41            44.544 iernonce.dll
29.04.2009  06:41        6.066.176 ieframe.dll
29.04.2009  06:41            78.336 ieencode.dll
29.04.2009  06:41          153.088 ieakeng.dll
29.04.2009  06:41          385.024 iedkcs32.dll
29.04.2009  06:41          383.488 ieapfltr.dll
29.04.2009  06:41          230.400 ieaksie.dll
29.04.2009  06:41            63.488 icardie.dll
29.04.2009  06:41          133.120 extmgr.dll
29.04.2009  06:41          214.528 dxtrans.dll
29.04.2009  06:41          124.928 advpack.dll
29.04.2009  06:41          347.136 dxtmsft.dll
28.04.2009  15:54                0 ssprs.dll
28.04.2009  11:05          389.120 html.iec
28.04.2009  11:05            13.824 ieudinit.exe
28.04.2009  11:05            70.656 ie4uinit.exe
25.04.2009  07:26          161.792 ieakui.dll
19.04.2009  22:06        1.846.784 win32k.sys
15.04.2009  17:29          583.168 rpcrt4.dll
15.04.2009  11:56          374.272 xpsp3res.dll
21.03.2009  16:20        1.059.840 kernel32.dll
09.03.2009  16:04              336 temp_0000_85-20.aok
09.03.2009  16:03              186 test.aok
06.03.2009  15:59          286.720 pdh.dll
11.02.2009  17:55              664 d3d9caps.dat
09.02.2009  13:39        2.065.280 ntkrnlpa.exe
09.02.2009  13:39        2.188.416 ntoskrnl.exe
09.02.2009  12:00          736.256 lsasrv.dll
09.02.2009  12:00          401.408 rpcss.dll
09.02.2009  12:00          678.912 advapi32.dll
09.02.2009  12:00          740.864 ntdll.dll
09.02.2009  11:48          111.104 services.exe
06.02.2009  11:54            35.328 sc.exe
04.02.2009  22:11          148.888 javaws.exe
04.02.2009  22:11          144.792 javaw.exe
04.02.2009  22:11            73.728 javacpl.cpl
04.02.2009  22:11          144.792 java.exe
04.02.2009  22:11          410.984 deploytk.dll
03.02.2009  22:08            55.808 secur32.dll


----- Prefetch -------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\Prefetch

16.07.2009  13:56            15.246 FIND.EXE-0EC32F1E.pf
16.07.2009  13:56            18.402 CMD.EXE-087B4001.pf
16.07.2009  13:55            97.710 WINRAR.EXE-3588DFE8.pf
16.07.2009  13:55            21.958 VERCLSID.EXE-3667BD89.pf
16.07.2009  13:47          101.830 IEXPLORE.EXE-2CA9778D.pf
16.07.2009  13:45            47.146 Y9PWQPIU.EXE-1CC85239.pf
16.07.2009  13:43            38.626 INOCIT.EXE-06E0153F.pf
16.07.2009  13:42          185.818 SERVICE.EXE-396E850B.pf
16.07.2009  13:37            73.238 WSCSVC32.EXE-0CFB75BB.pf
16.07.2009  13:36            61.596 WMIPRVSE.EXE-28F301A9.pf
16.07.2009  13:36            25.258 WUAUCLT.EXE-399A8E72.pf
16.07.2009  13:35            98.274 LOGON.SCR-151EFAEA.pf
16.07.2009  13:22            34.734 INODIST.EXE-1EAB7ACC.pf
16.07.2009  13:10            63.552 DWWIN.EXE-30875ADC.pf
16.07.2009  13:10            14.874 GOOGLEUPDATE.EXE-187AE91D.pf
16.07.2009  13:07            61.922 DEFRAG.EXE-273F131E.pf
16.07.2009  13:07            18.380 DFRGNTFS.EXE-269967DF.pf
16.07.2009  13:07          509.406 Layout.ini
16.07.2009  12:46            27.832 REALPLAY.EXE-39F79CBD.pf
16.07.2009  12:42            15.462 STCLIENT_WRAPPER.EXE-097360FB.pf
16.07.2009  12:42            39.244 WMIAPSRV.EXE-1E2270A5.pf
16.07.2009  12:42            50.946 HPQIMZONE.EXE-23C44CEA.pf
16.07.2009  12:42            22.914 HPQTOA~1.EXE-39311BAA.pf
16.07.2009  12:42            18.000 NET1.EXE-029B9DB4.pf
16.07.2009  12:42            19.954 SCANNERFINDER.EXE-02ABF949.pf
16.07.2009  12:42            18.570 WINCINEMAMGR.EXE-04A7509F.pf
16.07.2009  12:42            46.136 HPQTHB08.EXE-059C512F.pf
16.07.2009  12:42            23.280 BTTRAY.EXE-39EE8F25.pf
16.07.2009  12:42            20.072 IPODSERVICE.EXE-233792DA.pf
16.07.2009  12:42            16.952 READER_SL.EXE-36135169.pf
16.07.2009  12:42            29.062 REGSVR32.EXE-25EEFE2F.pf
16.07.2009  12:42            22.568 VPNGUI.EXE-10986A0F.pf
16.07.2009  12:42            16.712 ADOBE GAMMA LOADER.EXE-1FD09C3A.pf
16.07.2009  12:42            29.268 REALMON.EXE-040CB3EE.pf
16.07.2009  12:42            17.276 MSMSGS.EXE-32066BA5.pf
16.07.2009  12:42            22.626 DATALA~1.EXE-1A4F4FF6.pf
16.07.2009  12:42            21.332 TRAYAP~1.EXE-18CE5F88.pf
16.07.2009  12:42            23.428 EABSERVR.EXE-2897917A.pf
16.07.2009  12:42            18.300 RECGUARD.EXE-3990548D.pf
16.07.2009  12:42            46.294 QPSERVICE.EXE-3158759B.pf
16.07.2009  12:42            19.624 ALG.EXE-0F138680.pf
16.07.2009  12:42            16.880 REGEDIT.EXE-1B606482.pf
16.07.2009  12:42            12.242 INSTALL.DLL-1C3EBFA1.pf
16.07.2009  12:42            13.738 CPQSET.EXE-0830D086.pf
16.07.2009  12:42        1.201.000 NTOSBOOT-B00DFAAD.pf
16.07.2009  10:10            27.926 GOOGLEUPDATERSERVICE.EXE-19F5FCF4.pf
16.07.2009  10:05            17.044 RUNDLL32.EXE-451FC2C0.pf
16.07.2009  10:02            69.940 ACRORD32.EXE-0EC716D9.pf
16.07.2009  09:19          122.764 IV_NT86.EXE-247E4DA9.pf
16.07.2009  09:19            12.580 INOUPDATE.EXE-207A013D.pf
16.07.2009  09:09            18.790 HPQWMIEX.EXE-13981AE1.pf
16.07.2009  09:09            17.796 HPQWA_UI.EXE-23739E7D.pf
16.07.2009  09:09            38.966 TVPCAPSVC.EXE-13575CC2.pf
16.07.2009  09:09            22.490 SVCHOST.EXE-3530F672.pf
16.07.2009  09:09            14.818 LSSRVC.EXE-164808EA.pf
16.07.2009  09:09            17.654 MDM.EXE-27F66238.pf
16.07.2009  09:09            44.462 JQS.EXE-352796B1.pf
16.07.2009  09:09            33.312 INOTASK.EXE-19709EA6.pf
16.07.2009  09:09            43.608 INORT.EXE-1DF2E349.pf
15.07.2009  21:43            61.112 UPDATE.EXE-06937079.pf
15.07.2009  21:43            65.182 UPDATE.EXE-33377EDB.pf
15.07.2009  21:43            52.152 UPDATE.EXE-05FCCB53.pf
15.07.2009  21:42            31.910 LOGONUI.EXE-0AF22957.pf
15.07.2009  21:40            13.216 MBAM.EXE-11D8BBD8.pf
15.07.2009  21:25            13.564 MBAMGUI.EXE-1E06AB95.pf
15.07.2009  21:25            26.156 MBAM-SETUP[2].TMP-02F26FC2.pf
15.07.2009  21:25            19.112 MBAM-SETUP[2].EXE-0408816B.pf
15.07.2009  21:20            16.622 NET.EXE-01A53C2F.pf
15.07.2009  21:20            13.780 SOFFICE.BIN-0C62DC9C.pf
15.07.2009  21:20            23.192 MOFCOMP.EXE-01718E95.pf
15.07.2009  21:20          150.100 PSYSTEM.EXE-24FAB496.pf
15.07.2009  21:20            17.214 SERVIC~1.EXE-22757822.pf
15.07.2009  21:20            44.450 TVPSERVICE.EXE-272AD0F8.pf
15.07.2009  21:20            23.476 HP WIRELESS ASSISTANT.EXE-231BE1D2.pf
15.07.2009  21:20            20.512 SYNTPENH.EXE-3967AE36.pf
15.07.2009  20:57            20.704 _IU14D2N.TMP-11A11631.pf
15.07.2009  20:57            23.014 UNINS000.EXE-019B5229.pf
15.07.2009  20:56            53.760 RUNDLL32.EXE-13404D23.pf
15.07.2009  20:47          107.112 EXCEL.EXE-0DC93B7A.pf
15.07.2009  20:31            20.124 MBAM-SETUP[1].TMP-33B54200.pf
15.07.2009  20:31            18.662 MBAM-SETUP[1].EXE-33BA6DBC.pf
15.07.2009  20:25            91.086 WINWORD.EXE-3395695A.pf
15.07.2009  20:20            56.860 NOTEPAD.EXE-336351A9.pf
15.07.2009  20:20            88.238 HIJACKTHIS.EXE-39024128.pf
15.07.2009  20:20            40.160 ACRORD32INFO.EXE-30CEC19C.pf
15.07.2009  19:33            12.338 INOUPDATE.EXE-0B741B9F.pf
15.07.2009  19:33            32.940 INORPC.EXE-390BF501.pf
15.07.2009  19:03            96.108 RUNDLL32.EXE-2BF3472E.pf
15.07.2009  18:58            56.832 CCLEANER.EXE-065E2F3F.pf
15.07.2009  18:55            12.780 INOUPDATE.EXE-060EB6D0.pf
15.07.2009  17:39            37.940 GOOGLETOOLBARNOTIFIER.EXE-09E6E9C6.pf
15.07.2009  16:44            67.282 HELPSVC.EXE-2878DDA2.pf
15.07.2009  15:55            73.870 GOOGLEUPDATER.EXE-36CE3796.pf
15.07.2009  15:48            60.306 INSTALLER.EXE-1B95948A.pf
30.06.2009  13:48            17.948 TASKMGR.EXE-20256C55.pf
              95 Datei(en)      5.399.646 Bytes
              0 Verzeichnis(se),  6.150.152.192 Bytes frei
 
----- Tasks ----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\tasks

16.07.2009  13:24            1.084 GoogleUpdateTaskMachineCore.job
16.07.2009  13:24            1.088 GoogleUpdateTaskMachineUA.job
16.07.2009  12:41            1.044 Google Software Updater.job
16.07.2009  12:41                6 SA.DAT
07.07.2009  18:31              276 AppleSoftwareUpdate.job


----- Windows/Temp -----------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\Temp

16.07.2009  13:37            3.262 2.ico
16.07.2009  13:37            3.262 3.ico
16.07.2009  13:37            3.262 1.ico
16.07.2009  12:41            16.384 Perflib_Perfdata_418.dat
16.07.2009  12:41                0 CLML_AGENT_LOG1.txt
16.07.2009  12:41                0 sqlite_GOgnK30qxjcbnAb
15.07.2009  15:52              120 creg.dat
15.07.2009  15:52              128 c.dat
15.07.2009  15:52              458 4otjesjty.mof
15.07.2009  10:25            1.055 hpzglue10.log
15.07.2009  10:22          512.475 dneinst.log
01.07.2009  20:22            1.055 hpzglue09.log
01.07.2009  18:47            2.048 sqlite_JbA4YRVrTzoq5kO
01.07.2009  18:47            16.384 Perflib_Perfdata_208.dat
01.07.2009  18:46            1.055 hpzglue08.log
30.06.2009  13:49            1.055 hpzglue07.log
27.06.2009  08:22            2.048 sqlite_xxElcanwu7WIrva
27.06.2009  08:22            16.384 Perflib_Perfdata_7b4.dat
27.06.2009  08:21            1.055 hpzglue06.log
25.06.2009  20:19            2.048 sqlite_X1VUvGYVKCoxvon
25.06.2009  20:19            16.384 Perflib_Perfdata_2c0.dat
25.06.2009  20:19            1.055 hpzglue05.log
25.06.2009  17:38            1.055 hpzglue04.log
25.06.2009  13:34            1.055 hpzglue03.log
25.06.2009  07:04            1.055 hpzglue02.log
24.06.2009  14:19            1.055 hpzglue01.log
24.06.2009  08:57            1.055 hpzglue00.log
23.06.2009  15:44            1.055 hpzglue99.log
23.06.2009  14:52            1.055 hpzglue98.log
22.06.2009  23:01            1.055 hpzglue97.log
21.06.2009  20:31          360.448 sqlite_Bt8rgTb0kSIl8rv
21.06.2009  20:30            1.055 hpzglue96.log
20.06.2009  10:50            1.055 hpzglue95.log
18.06.2009  14:34            1.055 hpzglue94.log
18.06.2009  08:06            1.055 hpzglue93.log
17.06.2009  08:02            1.055 hpzglue92.log
17.06.2009  07:09            1.055 hpzglue91.log
16.06.2009  22:29            1.055 hpzglue90.log
16.06.2009  22:28            10.135 GoogleToolbarInstaller2.log
16.06.2009  22:28            10.349 GoogleToolbarInstaller1.log
16.06.2009  20:30                85 SetupAdmin1090.log
16.06.2009  11:13            1.055 hpzglue89.log
16.06.2009  07:54            16.384 Perflib_Perfdata_884.dat
16.06.2009  07:54            2.048 sqlite_W1ZoWTZRPDINpzH
16.06.2009  07:54            1.055 hpzglue88.log
15.06.2009  08:32            1.055 hpzglue87.log
14.06.2009  21:47            1.055 hpzglue86.log
12.06.2009  08:28            1.055 hpzglue85.log
11.06.2009  10:34            1.055 hpzglue84.log
10.06.2009  15:24            1.055 hpzglue83.log
10.06.2009  15:14            1.055 hpzglue82.log
09.06.2009  13:49            1.055 hpzglue81.log
08.06.2009  11:12            1.055 hpzglue80.log
30.05.2009  19:59            1.055 hpzglue79.log
25.05.2009  09:41            16.384 Perflib_Perfdata_4ec.dat
25.05.2009  09:41            1.055 hpzglue78.log
24.05.2009  14:45            1.055 hpzglue77.log
24.05.2009  09:31            1.055 hpzglue76.log
21.05.2009  20:54            1.055 hpzglue75.log
18.05.2009  21:48            77.859 CLML_AGENT_LOG2.txt
13.05.2009  17:20            1.055 hpzglue74.log
08.05.2009  22:44            1.055 hpzglue73.log
06.05.2009  12:13            1.055 hpzglue72.log
25.04.2009  10:21            1.055 hpzglue71.log
23.04.2009  20:56            2.576 sqlite_yI3dMsZ24hioWEv-journal
23.04.2009  11:02            2.048 sqlite_yI3dMsZ24hioWEv
23.04.2009  11:01            16.384 Perflib_Perfdata_4fc.dat
23.04.2009  11:01            1.055 hpzglue70.log
20.04.2009  21:05            2.048 sqlite_8xBY0c1CpgrwZu3
20.04.2009  21:05            16.384 Perflib_Perfdata_754.dat
20.04.2009  21:05            1.055 hpzglue69.log
20.04.2009  10:26            1.055 hpzglue68.log
20.04.2009  08:17            2.048 sqlite_2YFTQf33QmjDeTd
20.04.2009  08:17            16.384 Perflib_Perfdata_778.dat
20.04.2009  08:17            1.055 hpzglue67.log
16.04.2009  09:18            1.055 hpzglue66.log
14.04.2009  14:20            1.055 hpzglue65.log
09.04.2009  10:23            1.055 hpzglue64.log
05.04.2009  10:06            1.055 hpzglue63.log
04.04.2009  15:30            2.048 sqlite_Meqp6plGxLPfC3U
04.04.2009  15:29            16.384 Perflib_Perfdata_704.dat
04.04.2009  15:29            1.055 hpzglue62.log
03.04.2009  14:05            1.055 hpzglue61.log
02.04.2009  10:41            1.055 hpzglue60.log
01.04.2009  20:20            1.055 hpzglue59.log
01.04.2009  12:40            1.055 hpzglue58.log
01.04.2009  11:53            1.055 hpzglue57.log
31.03.2009  20:54            1.055 hpzglue56.log
25.03.2009  14:40            1.055 hpzglue55.log
24.03.2009  18:22            1.055 hpzglue54.log
24.03.2009  14:34            1.055 hpzglue53.log
22.03.2009  18:21            1.055 hpzglue52.log
20.03.2009  16:26            1.055 hpzglue51.log
20.03.2009  13:59            1.055 hpzglue50.log
19.03.2009  15:34            1.055 hpzglue49.log
19.03.2009  09:19            1.055 hpzglue48.log
18.03.2009  19:51            1.055 hpzglue47.log
18.03.2009  11:24            1.055 hpzglue46.log
17.03.2009  15:56            1.055 hpzglue45.log
17.03.2009  15:12            1.055 hpzglue44.log
17.03.2009  14:08            1.055 hpzglue43.log
16.03.2009  14:51            1.055 hpzglue42.log
13.03.2009  11:08            1.055 hpzglue41.log
12.03.2009  17:18            1.055 hpzglue40.log
12.03.2009  09:00            1.055 hpzglue39.log
11.03.2009  09:02            1.055 hpzglue38.log
10.03.2009  09:04            1.055 hpzglue37.log
09.03.2009  08:59            1.055 hpzglue36.log
06.03.2009  18:04            2.365 arc0000.tmp
06.03.2009  12:21            1.055 hpzglue35.log
04.03.2009  18:45            1.055 hpzglue34.log
04.03.2009  14:23            1.055 hpzglue33.log
04.03.2009  09:19            1.055 hpzglue32.log
03.03.2009  21:06            1.055 hpzglue31.log
03.03.2009  13:57            1.055 hpzglue30.log
02.03.2009  18:34            1.055 hpzglue29.log
02.03.2009  14:55            1.055 hpzglue28.log
01.03.2009  10:26            1.055 hpzglue27.log
27.02.2009  11:26            1.055 hpzglue26.log
21.02.2009  11:37            1.055 hpzglue25.log
20.02.2009  10:27            1.055 hpzglue24.log
19.02.2009  18:31            1.055 hpzglue23.log
18.02.2009  11:10            1.055 hpzglue22.log
15.02.2009  12:30            1.055 hpzglue21.log
14.02.2009  09:43            1.055 hpzglue20.log
11.02.2009  17:54            1.055 hpzglue19.log
11.02.2009  09:26            1.055 hpzglue18.log
06.02.2009  21:39              777 hpzcoi14.log
06.02.2009  21:39              707 hpzcoi15.log
06.02.2009  21:39              596 hpzcoi13.log
06.02.2009  21:39              596 hpzcoi12.log
06.02.2009  21:39              596 hpzcoi11.log
06.02.2009  21:39              596 hpzcoi10.log
06.02.2009  21:39              596 hpzcoi09.log
06.02.2009  21:39              596 hpzcoi08.log
06.02.2009  21:39              596 hpzcoi07.log
06.02.2009  21:39              707 hpzcoi06.log
06.02.2009  21:39              777 hpzcoi05.log
06.02.2009  21:39              596 hpzcoi04.log
06.02.2009  21:39              596 hpzcoi03.log
04.02.2009  17:44            1.055 hpzglue17.log
04.02.2009  09:47            1.055 hpzglue16.log
03.02.2009  20:44            1.055 hpzglue15.log
02.02.2009  16:50            1.055 hpzglue14.log
01.02.2009  17:57            1.055 hpzglue13.log
30.01.2009  15:43            1.055 hpzglue12.log
30.01.2009  09:34            1.055 hpzglue11.log
17.01.2009  20:46              596 hpzcoi02.log
17.01.2009  20:46              596 hpzcoi01.log
17.01.2009  20:46              596 hpzcoi00.log
15.01.2009  21:19            2.048 sqlite_xWd0BKTuzwaQhFb


----- Temp -----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\DOKUME~1\Sebi\LOKALE~1\Temp

16.07.2009  13:47            98.304 ~DFC224.tmp
16.07.2009  13:37              120 creg.dat
16.07.2009  13:37              128 c.dat
16.07.2009  12:46              976 jusched.log
16.07.2009  12:42            16.384 ~DF61CA.tmp
16.07.2009  12:42              458 4otjesjty.mof
16.07.2009  12:41            16.384 ~DF4447.tmp
16.07.2009  12:41            16.384 ~DF2655.tmp
16.07.2009  09:09              158 duplmsg.txt
              9 Datei(en)        149.296 Bytes
              0 Verzeichnis(se),  6.150.135.808 Bytes frei

csae8815 16.07.2009 13:08
programme laut ccleaner:

Code:
Aare MP3 WAV Converter Plus
ACE-HIGH MP3 WAV WMA OGG Converter
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Premiere Pro
Adobe Reader 7.0 - Deutsch
Advanced MP3 Converter 3.00
Advanced WMA MP3 Converter version 1.2
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI Display Driver
ATI Systemsteuerung
AVI Splitter
avi.NET v2.5.1.0
AviSynth 2.5
Azureus
Bagger-Simulator 2008
Bonjour
CA eTrust Antivirus
CCleaner (remove only)
ChamSys MagicQ PC
Cisco Systems VPN Client 5.0.02.0090
Compatibility Pack for the 2007 Office system
concept/design onlineTV 5
Conexant AC-Link Audio
ContextTool
Corel Graphics Suite 11
Desktop Sidebar
Digital Camera Driver
Digital Make-Up
DiskAid 2.12
DivX
DMXCreator V5.89f TimeLine-TCPIP
Driver Updater Pro
ecue Programmer 3.6.305.1
Einfache Internetanmeldung
EViews 5
Eztoo Video To iPod Converter 2.00
FBrowsingAdvisor
Free Video Dub version 1.4
Free WMA to MP3 Converter 1.16
Free YouTube to Mp3 Converter version 3.1
FreePDF XP (Remove only)
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GPL Ghostscript 8.64
grandMA onPC 5.810
GXTranscoder v2
HASP HL Device Driver
HijackThis 2.0.2
hp deskjet 5600 series
HP Help and Support
HP Imaging Device Functions 6.0
HP Integrated Module with Bluetooth wireless technology
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Software Update
HP TVPlay
HP User Guides 0025
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
InterActual Player
InterVideo WinDVD 7
iPod for Windows User Guide
iPod System Software Updater 2.1
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
LD Calculator Lite 1.02 b1
LimeWire 5.0.11
Magic 3D EasyView 2006
Malwarebytes' Anti-Malware
Martin LightJockey version 2.7 build 5
Messer v0.98
Messer v0.992
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Microtek FineReader OCR Engine
Mirar
MobileMe Control Panel
MobileVideo For iPod 3.6
MPEG Joiner
mpowerplayer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nokia PC Suite 6.1
OpenOffice.org 2.4
Optimierung aufgrund von Kundenerfahrungen
ORF-Ski Challenge 2008
Paint Shop Pro 7 Anniversary Edition
PC CCID
PDFCreator
PDF-to-Word 3.1 Demo
Power MP3 WMA Converter 2006, (ver 3.42)
Protection System
Quick Launch Buttons 5.20 G1
QuickTime
RealPlayer
RedMon - Redirection Port Monitor
Safari
SAP Front End
ScanWizard 5
Sid Meier's Railroad Tycoon
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoulSeek Client 156c
SPSS 15.0 für Windows [Auswertung Version]
SUPER © Version 2007.bld.22 (Mar 14, 2007)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
trustDesk basic
Ultra MP4 Video Converter 4.3.0119
Uninstall 1.0.0.1
Videora iPod Converter 4.06
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR Archivierer
Winterspiele
Xvid 1.1.2 final uninstall
YouTube Downloader App 1.02
Zebedee Secure Tunnel Version 2.4.1A

das "windows-ähnliche"- Programm "Protection system" - macht mir besonders seit gestern ärger- ständige POP ups und alerts.

ich habe das Programm aber nie - wissentlich- installiert- habe auch schon versucht es zu deinstallieren über Start/programme und über System/Software..
kommt aber leider immer wieder!

Vielen Dank für deine Hilfe!

wär schön wenn es irgendwie ohne format c: gehen würde ;)


LG Sebastian

nicobanger 16.07.2009 13:49
ich kann dir sagen was dieses "protection center/system" is

und zwar war das bei meinem alten pc auch da als irwie mein antivir verschwunden war des is so zu sagen dein ober-notfallsystem wenn du n virus hast und windows den virus selbst als solches schon erkennt

es ist nicht installier/deinstallierbar weil es schon beim installieren von windows selbst aufgespielt wird

und auch wenn du es deinstallierst installiert es sich immer wieder selbst im hintergrund, weil sonst könnte ja jeder virus dieses notfall-system deinstallieren und hätte freie bahn...

ich hoffe, dass ich dir mit diesem beitrag weiterhelfen kann, sobald du alle viren beseitigt hast verschwindet auch das protection center/system wieder

liebe grüsse dein nico


achso format :c lässt windows nich zu... schau einfach dass du die virenb wegbekommst

kira 16.07.2009 14:58
hi

1.
so kann Dir keiner garantieren, dass dein System sauber wird/bleibt:

Zitat:
Internet-Tauschbörsen gehören leider zu den unseriösesten Anbietern, und dort werden sehr viele Schädlinge verbreitet, hierbei sollte deshalb, wenn überhaupt, nur ganz besonders vorsichtig umgegangen werden ! Laut Studien sind bei den Tauschbörsen bei 45% der zum Download angebotenen Dateien, Viren oder Würmer und sonstige Schädlinge enthalten!
Hinzu kommt noch, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind, und damit die Nutzer verleitet werden, „Straftaten“ zu begehen!
Selbst wenn du ein „sicheres“ P2P Programm verwendest, ist es nur das Programm, das sicher ist.Du wirst Daten von "uncertified Quellen" teilen, und diese werden häufig angesteckt...;)
am besten sofort deinstallieren: unter "Start-->Systemsteureung-->Software-->Ändern/Entfernen..."

2.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Malwarebytes Anti-Malware

3.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

4.
poste erneut:
Trend Micro HijackThis-Logfile
filelist.bat - den letzten sechs Monaten!

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein log schreibst du:[code]
hier kommt dein logfile rein
→ dahinter:[/code]

csae8815 19.07.2009 21:07
hi, danke dir für deine Antworten!

Sorry hat leider ein bißchen länger gedauert:

File von SuperAntiSpyware
Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/19/2009 at 09:47 PM

Application Version : 4.26.1006

Core Rules Database Version : 4003
Trace Rules Database Version: 1943

Scan type      : Quick Scan
Total Scan Time : 00:15:08

Memory items scanned      : 709
Memory threats detected  : 6
Registry items scanned    : 696
Registry threats detected : 121
File items scanned        : 8911
File threats detected    : 35

Rootkit.Agent/Gen-UACFake
        \?\GLOBALROOT\C:\WINDOWS\SYSTEM32\UACIOMUBWFTABGOPSMVK.DLL
        \?\GLOBALROOT\C:\WINDOWS\SYSTEM32\UACIOMUBWFTABGOPSMVK.DLL
        C:\WINDOWS\SYSTEM32\UACIOMUBWFTABGOPSMVK.DLL
        C:\WINDOWS\SYSTEM32\UACJYIPYXMTSWXXNKDGL.DLL
        C:\WINDOWS\SYSTEM32\UACKMRGOBOEWLOBFSEHY.DLL
        C:\WINDOWS\SYSTEM32\UACLHSEFYCQCNAQNGMCK.DLL
        C:\WINDOWS\SYSTEM32\UACQLRVJHTUIHSSFRKDU.DLL
        C:\WINDOWS\SYSTEM32\UACXEAEXEYJMXJLIBMYK.DLL

Trojan.Service
        C:\WINDOWS\SYSTEM32\SERVICE.EXE
        C:\WINDOWS\SYSTEM32\SERVICE.EXE
        [MDNS] C:\WINDOWS\SYSTEM32\SERVICE.EXE
        C:\WINDOWS\Prefetch\SERVICE.EXE-396E850B.pf

Rogue.ProtectionSystem
        C:\PROGRAMME\PROTECTION SYSTEM\PSYSTEM.EXE
        C:\PROGRAMME\PROTECTION SYSTEM\PSYSTEM.EXE
        [Protection System] C:\PROGRAMME\PROTECTION SYSTEM\PSYSTEM.EXE
        C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENü\PROGRAMME\PROTECTION SYSTEM\PROTECTION SYSTEM SUPPORT.LNK
        C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENü\PROGRAMME\PROTECTION SYSTEM\PROTECTION SYSTEM.LNK
        C:\WINDOWS\TEMP\UAC6131.TMP
        C:\WINDOWS\TEMP\UACAFBE.TMP
        C:\WINDOWS\TEMP\UACF97F.TMP
        C:\WINDOWS\TEMP\UACF9DB.TMP
        C:\WINDOWS\Prefetch\PSYSTEM.EXE-24FAB496.pf

Adware.Mirar/NetNucleus
        C:\WINDOWS\SYSTEM32\WINNB58.DLL
        C:\WINDOWS\SYSTEM32\WINNB58.DLL
        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
        HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
        HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
        HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
        HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
        HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
        HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
        HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
        HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
        HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
        HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
        HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
        HKU\S-1-5-21-1852182569-48238326-1385623105-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Version
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BuildName
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Affiliate
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Show3X
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowType
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PopupCount
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BlockEnable
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#WalkThrough
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
        HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
        HKU\S-1-5-21-1852182569-48238326-1385623105-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
        HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
        HKU\S-1-5-21-1852182569-48238326-1385623105-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
        HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
        HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
        HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
        HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
        HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
        HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
        HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
        HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
        HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
        HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
        HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
        HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
        HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
        HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
        HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString

Adware.Vundo Variant
        C:\WINDOWS\SYSTEM32\WINGENOCX.DLL
        C:\WINDOWS\SYSTEM32\WINGENOCX.DLL

Adware.ContextHelper
        C:\PROGRAMME\CONTEXTTOOL\CONTEXTTOOL-3.DLL
        C:\PROGRAMME\CONTEXTTOOL\CONTEXTTOOL-3.DLL
        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
        HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
        HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
        HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}#AppID
        HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\InprocServer32
        HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\InprocServer32#ThreadingModel
        HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\ProgID
        HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\Programmable
        HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\TypeLib
        HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\VersionIndependentProgID
        HKCR\PornPro.PornPro_BHO.1
        HKCR\PornPro.PornPro_BHO.1\CLSID
        HKCR\PornPro.PornPro_BHO
        HKCR\PornPro.PornPro_BHO\CLSID
        HKCR\PornPro.PornPro_BHO\CurVer
        HKCR\TypeLib\{4D869FEE-157A-49FC-90EF-97C8B52F9DEC}
        HKCR\TypeLib\{4D869FEE-157A-49FC-90EF-97C8B52F9DEC}\1.0
        HKCR\TypeLib\{4D869FEE-157A-49FC-90EF-97C8B52F9DEC}\1.0\0
        HKCR\TypeLib\{4D869FEE-157A-49FC-90EF-97C8B52F9DEC}\1.0\0\win32
        HKCR\TypeLib\{4D869FEE-157A-49FC-90EF-97C8B52F9DEC}\1.0\FLAGS
        HKCR\TypeLib\{4D869FEE-157A-49FC-90EF-97C8B52F9DEC}\1.0\HELPDIR
        HKU\S-1-5-21-1852182569-48238326-1385623105-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
        HKCR\Interface\{1B8DF249-91E2-4179-A57A-F8A11F9ABB3C}
        HKCR\Interface\{1B8DF249-91E2-4179-A57A-F8A11F9ABB3C}\ProxyStubClsid
        HKCR\Interface\{1B8DF249-91E2-4179-A57A-F8A11F9ABB3C}\ProxyStubClsid32
        HKCR\Interface\{1B8DF249-91E2-4179-A57A-F8A11F9ABB3C}\TypeLib
        HKCR\Interface\{1B8DF249-91E2-4179-A57A-F8A11F9ABB3C}\TypeLib#Version
        HKCR\Interface\{49B68757-5EFE-4C09-A528-F481F70D7A4A}
        HKCR\Interface\{49B68757-5EFE-4C09-A528-F481F70D7A4A}\ProxyStubClsid
        HKCR\Interface\{49B68757-5EFE-4C09-A528-F481F70D7A4A}\ProxyStubClsid32
        HKCR\Interface\{49B68757-5EFE-4C09-A528-F481F70D7A4A}\TypeLib
        HKCR\Interface\{49B68757-5EFE-4C09-A528-F481F70D7A4A}\TypeLib#Version
        HKCR\Interface\{6FE1ECBE-6690-4728-B66A-45424A4F59DA}
        HKCR\Interface\{6FE1ECBE-6690-4728-B66A-45424A4F59DA}\ProxyStubClsid
        HKCR\Interface\{6FE1ECBE-6690-4728-B66A-45424A4F59DA}\ProxyStubClsid32
        HKCR\Interface\{6FE1ECBE-6690-4728-B66A-45424A4F59DA}\TypeLib
        HKCR\Interface\{6FE1ECBE-6690-4728-B66A-45424A4F59DA}\TypeLib#Version

Unclassified.Unknown Origin
        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
        HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
        HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
        HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\InprocServer32
        HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\InprocServer32#ThreadingModel
        HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\ProgID
        HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\Programmable
        HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\TypeLib
        HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\VersionIndependentProgID
        HKCR\BhoNew.BhoApp.1
        HKCR\BhoNew.BhoApp.1\CLSID
        HKCR\BhoNew.BhoApp
        HKCR\BhoNew.BhoApp\CLSID
        HKCR\BhoNew.BhoApp\CurVer
        HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
        HKU\S-1-5-21-1852182569-48238326-1385623105-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

Browser Hijacker.Internet Explorer Zone Hijack
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#http
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#http
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#http
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#http
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

Rootkit.Agent/Gen-UAC
        HKLM\system\controlset001\services\UACd.sys
        C:\WINDOWS\SYSTEM32\DRIVERS\UACMPQQTVYHXDLXCKBGI.SYS
        HKLM\system\controlset002\services\UACd.sys

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\Sebi\Cookies\sebi@revsci[2].txt
        C:\Dokumente und Einstellungen\Sebi\Cookies\sebi@tradedoubler[2].txt
        C:\Dokumente und Einstellungen\Sebi\Cookies\sebi@doubleclick[1].txt
        C:\Dokumente und Einstellungen\Sebi\Cookies\sebi@ad.trackbar[1].txt
        C:\Dokumente und Einstellungen\Sebi\Cookies\sebi@ad.yieldmanager[2].txt

Trojan.Agent/Gen
        C:\WINDOWS\SYSTEM32\UACINIT.DLL

Rogue.Agent/Gen-ProtectionSystem[Core]
        C:\WINDOWS\TEMP\UAC5F0E.TMP
        C:\WINDOWS\TEMP\UAC8D81.TMP
        C:\WINDOWS\TEMP\UACE912.TMP
        C:\WINDOWS\TEMP\UACF7F8.TMP

Rogue.Agent/Gen-ProtectionSystem[Uninstall]
        C:\WINDOWS\TEMP\UAC5FF8.TMP
        C:\WINDOWS\TEMP\UAC9570.TMP
        C:\WINDOWS\TEMP\UACF026.TMP
        C:\WINDOWS\TEMP\UACF8B4.TMP

leider bekomm ich das malwarebytes nicht gestartet- nach dem herunterladen kann ich es leider nicht öffnen. Werde aber noch mal probieren..


4; hijack this:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:01, on 19.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\HP\TVPlay\TVPService.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Programme\Protection System\psystem.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.BIN
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wscsvc32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\SUPERAntiSpyware\3ebee47e-4da5-4eb1-bbcb-87fd7a5fa687.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web-mail2.uibk.ac.at/horde/imp/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TVPService] "C:\Programme\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NapsterShell] C:\Programme\Napster\napster.exe /systray
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\3ebee47e-4da5-4eb1-bbcb-87fd7a5fa687.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate1ca01331e46f1ea) (gupdate1ca01331e46f1ea) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOKUME~1\Sebi\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe

--
End of file - 12510 bytes

csae8815 19.07.2009 21:08
filelist:
Code:
----- Root -----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\

19.07.2009  21:59                43 filelist.txt
19.07.2009  20:46            2.524 hpqp.ini
19.07.2009  20:46                40 XP_TV.ini
19.07.2009  20:46    1.071.894.528 hiberfil.sys
19.07.2009  20:46    1.610.612.736 pagefile.sys
13.07.2009  10:27            35.669 hpfr5600.log
09.03.2009  15:59        15.832.365 mp4-video-converter-softonic_5.1.2.1[1]

----- Windows --------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS

19.07.2009  20:48        1.491.455 WindowsUpdate.log
19.07.2009  20:47                0 0.log
19.07.2009  20:47              159 wiadebug.log
19.07.2009  20:47                50 wiaservc.log
19.07.2009  20:46            2.048 bootstat.dat
19.07.2009  16:15            32.496 SchedLgU.Txt
17.06.2009  20:20              134 Eztoo Video To iPod Converter.ini
28.05.2009  16:19            3.488 messer.ini
10.03.2009  10:33              118 pro Eztoo Video To iPod Converter.ini
09.03.2009  15:52          115.054 GXTranscoder v2 Uninstaller.exe
17.01.2009  20:47            11.126 hpdj5600.ini
17.01.2009  20:47          237.613 hpdj5600.his


----- System  ---
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\system


----- System 32 (Achtung: Zeitfenster beachten!) ---
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\system32

15.07.2009  15:50            31.232 wingenocx.dll
15.07.2009  14:06          761.344 wscsvc32.exe
15.07.2009  14:06          257.536 resdll.dll
30.06.2009  13:55                16 servdat.slm
30.06.2009  13:55                14 ssprs.tgz
30.06.2009  13:55              219 lsprst7.tgz
30.06.2009  13:55              205 lsprst7.dll
20.06.2009  10:50            1.158 wpa.dbl
17.06.2009  20:20                1 Eztoo Video To iPod Converter.dat
16.06.2009  16:53            82.432 fontsub.dll
16.06.2009  16:53          119.808 t2embed.dll
12.06.2009  08:27          390.384 FNTCACHE.DAT
05.06.2009  11:42        2.060.288 usbaaplrc.dll
03.06.2009  21:26        1.296.384 quartz.dll
26.05.2009  17:18            90.112 QuickTimeVR.qtx
26.05.2009  17:18            57.344 QuickTime.qts
08.05.2009  22:47          426.312 perfh007.dat
08.05.2009  22:47          410.186 perfh009.dat
08.05.2009  22:47            65.326 perfc009.dat
08.05.2009  22:47            78.940 perfc007.dat
08.05.2009  22:47          992.090 PerfStringBackup.INI
07.05.2009  17:42          346.624 localspl.dll
29.04.2009  06:42          827.392 wininet.dll
29.04.2009  06:42          233.472 webcheck.dll
29.04.2009  06:42        1.159.680 urlmon.dll
29.04.2009  06:42            44.544 pngfilt.dll
29.04.2009  06:42          105.984 url.dll
29.04.2009  06:42          102.912 occache.dll
29.04.2009  06:42          671.232 mstime.dll
29.04.2009  06:42          477.696 mshtmled.dll
29.04.2009  06:42          193.024 msrating.dll
29.04.2009  06:42        3.596.288 mshtml.dll
29.04.2009  06:42          459.264 msfeeds.dll
29.04.2009  06:42            52.224 msfeedsbs.dll
29.04.2009  06:42        1.830.912 inetcpl.cpl
29.04.2009  06:42            27.648 jsproxy.dll
29.04.2009  06:41          268.288 iertutil.dll
29.04.2009  06:41            44.544 iernonce.dll
29.04.2009  06:41        6.066.176 ieframe.dll
29.04.2009  06:41            78.336 ieencode.dll
29.04.2009  06:41          153.088 ieakeng.dll
29.04.2009  06:41          385.024 iedkcs32.dll
29.04.2009  06:41          383.488 ieapfltr.dll
29.04.2009  06:41          230.400 ieaksie.dll
29.04.2009  06:41            63.488 icardie.dll
29.04.2009  06:41          133.120 extmgr.dll
29.04.2009  06:41          214.528 dxtrans.dll
29.04.2009  06:41          124.928 advpack.dll
29.04.2009  06:41          347.136 dxtmsft.dll
28.04.2009  15:54                0 ssprs.dll
28.04.2009  11:05          389.120 html.iec
28.04.2009  11:05            13.824 ieudinit.exe
28.04.2009  11:05            70.656 ie4uinit.exe
25.04.2009  07:26          161.792 ieakui.dll
19.04.2009  22:06        1.846.784 win32k.sys
15.04.2009  17:29          583.168 rpcrt4.dll
15.04.2009  11:56          374.272 xpsp3res.dll
21.03.2009  16:20        1.059.840 kernel32.dll
09.03.2009  16:04              336 temp_0000_85-20.aok
09.03.2009  16:03              186 test.aok
06.03.2009  15:59          286.720 pdh.dll
11.02.2009  17:55              664 d3d9caps.dat
09.02.2009  13:39        2.065.280 ntkrnlpa.exe
09.02.2009  13:39        2.188.416 ntoskrnl.exe
09.02.2009  12:00          736.256 lsasrv.dll
09.02.2009  12:00          401.408 rpcss.dll
09.02.2009  12:00          678.912 advapi32.dll
09.02.2009  12:00          740.864 ntdll.dll
09.02.2009  11:48          111.104 services.exe
06.02.2009  11:54            35.328 sc.exe
04.02.2009  22:11          148.888 javaws.exe
04.02.2009  22:11          144.792 javaw.exe
04.02.2009  22:11            73.728 javacpl.cpl
04.02.2009  22:11          144.792 java.exe
04.02.2009  22:11          410.984 deploytk.dll
03.02.2009  22:08            55.808 secur32.dll



----- Prefetch -------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\Prefetch

19.07.2009  21:59            15.142 FIND.EXE-0EC32F1E.pf
19.07.2009  21:59            23.248 CMD.EXE-087B4001.pf
19.07.2009  21:58            58.148 NOTEPAD.EXE-336351A9.pf
19.07.2009  21:58            60.390 WMIPRVSE.EXE-28F301A9.pf
19.07.2009  21:58            93.010 HIJACKTHIS.EXE-39024128.pf
19.07.2009  21:52            90.454 IEXPLORE.EXE-2CA9778D.pf
19.07.2009  21:51            13.310 MBAM.EXE-11D8BBD8.pf
19.07.2009  21:31            18.698 VERCLSID.EXE-3667BD89.pf
19.07.2009  21:31            16.726 RUNDLL32.EXE-451FC2C0.pf
19.07.2009  21:27            30.758 3EBEE47E-4DA5-4EB1-BBCB-87FD7-1814AE75.pf
19.07.2009  21:27            32.118 RUNSAS.EXE-0FC4A896.pf
19.07.2009  21:27            31.678 DWWIN.EXE-30875ADC.pf
19.07.2009  21:27            18.894 SUPERANTISPYWARE.EXE-033808EC.pf
19.07.2009  21:25            30.590 MSIEXEC.EXE-2F8A8CAE.pf
19.07.2009  21:25            43.268 SUPERANTISPYWARE[1].EXE-1E8CCF5E.pf
19.07.2009  21:22            53.904 IV_NT86.EXE-247E4DA9.pf
19.07.2009  21:22            12.580 INOUPDATE.EXE-207A013D.pf
19.07.2009  21:22            68.330 INODIST.EXE-1EAB7ACC.pf
19.07.2009  21:21            27.120 REGSVR32.EXE-25EEFE2F.pf
19.07.2009  21:21            13.564 MBAMGUI.EXE-1E06AB95.pf
19.07.2009  21:21            19.752 MBAM-SETUP[1].TMP-0E17A278.pf
19.07.2009  21:21            18.434 MBAM-SETUP[1].EXE-241B926D.pf
19.07.2009  21:14            96.548 HELPSVC.EXE-2878DDA2.pf
19.07.2009  21:13            17.974 DFRGNTFS.EXE-269967DF.pf
19.07.2009  21:13            19.674 DEFRAG.EXE-273F131E.pf
19.07.2009  21:13          493.896 Layout.ini
19.07.2009  21:10            14.728 GOOGLEUPDATE.EXE-187AE91D.pf
19.07.2009  20:55            20.822 _IU14D2N.TMP-11A11631.pf
19.07.2009  20:55            23.090 UNINS000.EXE-019B5229.pf
19.07.2009  20:51            24.942 REALPLAY.EXE-39F79CBD.pf
19.07.2009  20:49            23.440 GOOGLEUPDATERSERVICE.EXE-19F5FCF4.pf
19.07.2009  20:48            23.628 WUAUCLT.EXE-399A8E72.pf
19.07.2009  20:47            38.574 WMIAPSRV.EXE-1E2270A5.pf
19.07.2009  20:47            78.446 WSCSVC32.EXE-0CFB75BB.pf
19.07.2009  20:47            23.012 HPQTOA~1.EXE-39311BAA.pf
19.07.2009  20:47            19.624 ALG.EXE-0F138680.pf
19.07.2009  20:47            15.462 STCLIENT_WRAPPER.EXE-097360FB.pf
19.07.2009  20:47            17.980 HPQWA_UI.EXE-23739E7D.pf
19.07.2009  20:47            18.826 HPQWMIEX.EXE-13981AE1.pf
19.07.2009  20:47            20.072 IPODSERVICE.EXE-233792DA.pf
19.07.2009  20:47            22.656 SVCHOST.EXE-3530F672.pf
19.07.2009  20:47            38.966 TVPCAPSVC.EXE-13575CC2.pf
19.07.2009  20:47            17.654 MDM.EXE-27F66238.pf
19.07.2009  20:47            47.024 JQS.EXE-352796B1.pf
19.07.2009  20:47            14.818 LSSRVC.EXE-164808EA.pf
19.07.2009  20:47            33.566 INOTASK.EXE-19709EA6.pf
19.07.2009  20:47            32.980 INORPC.EXE-390BF501.pf
19.07.2009  20:47            43.608 INORT.EXE-1DF2E349.pf
19.07.2009  20:47        1.205.660 NTOSBOOT-B00DFAAD.pf
19.07.2009  16:13            24.138 LOGONUI.EXE-0AF22957.pf
19.07.2009  14:47            13.534 LOGON.SCR-151EFAEA.pf
19.07.2009  14:39            26.924 REALSCHED.EXE-0A2A7558.pf
19.07.2009  11:44            49.966 POWERPNT.EXE-28A8DBA4.pf
19.07.2009  11:23            72.708 GOOGLEUPDATER.EXE-36CE3796.pf
19.07.2009  11:20            34.036 ACRORD32INFO.EXE-30CEC19C.pf
19.07.2009  11:20            86.626 WINWORD.EXE-3395695A.pf
18.07.2009  15:06            99.212 RUNDLL32.EXE-2BF3472E.pf
18.07.2009  15:06            62.058 CCLEANER.EXE-065E2F3F.pf
18.07.2009  14:40            17.838 RUNDLL32.EXE-126D4DB5.pf
18.07.2009  14:39            26.268 TVPSCHED.EXE-2A0E55F0.pf
17.07.2009  21:58          103.280 EXCEL.EXE-0DC93B7A.pf
17.07.2009  21:55            17.542 UNINST.EXE-019BF32E.pf
17.07.2009  21:54            17.764 A~NSISU_.EXE-014E8D6E.pf
17.07.2009  21:54            16.298 UNINSTALL.EXE-0B559CB1.pf
17.07.2009  21:54            19.708 AU_.EXE-3875705F.pf
17.07.2009  21:54            17.388 UNINSTALL.EXE-27217D4A.pf
17.07.2009  21:53            64.044 RUNDLL32.EXE-13404D23.pf
16.07.2009  20:25            22.666 RESIZER.EXE-1FCC5163.pf
16.07.2009  20:25            99.172 WINRAR.EXE-3588DFE8.pf
16.07.2009  15:01            12.816 INOUPDATE.EXE-0A727150.pf
16.07.2009  14:48            79.426 ACRORD32.EXE-0EC716D9.pf
16.07.2009  14:15            12.416 INOUPDATE.EXE-1B98E3C3.pf
16.07.2009  13:45            47.146 Y9PWQPIU.EXE-1CC85239.pf
16.07.2009  13:43            38.626 INOCIT.EXE-06E0153F.pf
16.07.2009  12:42            18.000 NET1.EXE-029B9DB4.pf
16.07.2009  12:42            50.946 HPQIMZONE.EXE-23C44CEA.pf
16.07.2009  12:42            19.954 SCANNERFINDER.EXE-02ABF949.pf
16.07.2009  12:42            18.570 WINCINEMAMGR.EXE-04A7509F.pf
16.07.2009  12:42            46.136 HPQTHB08.EXE-059C512F.pf
16.07.2009  12:42            23.280 BTTRAY.EXE-39EE8F25.pf
16.07.2009  12:42            16.952 READER_SL.EXE-36135169.pf
16.07.2009  12:42            22.568 VPNGUI.EXE-10986A0F.pf
16.07.2009  12:42            22.626 DATALA~1.EXE-1A4F4FF6.pf
16.07.2009  12:42            29.268 REALMON.EXE-040CB3EE.pf
16.07.2009  12:42            17.276 MSMSGS.EXE-32066BA5.pf
16.07.2009  12:42            16.712 ADOBE GAMMA LOADER.EXE-1FD09C3A.pf
16.07.2009  12:42            21.332 TRAYAP~1.EXE-18CE5F88.pf
16.07.2009  12:42            23.428 EABSERVR.EXE-2897917A.pf
16.07.2009  12:42            46.294 QPSERVICE.EXE-3158759B.pf
16.07.2009  12:42            18.300 RECGUARD.EXE-3990548D.pf
16.07.2009  12:42            16.880 REGEDIT.EXE-1B606482.pf
16.07.2009  12:42            12.242 INSTALL.DLL-1C3EBFA1.pf
16.07.2009  12:42            13.738 CPQSET.EXE-0830D086.pf
15.07.2009  21:43            61.112 UPDATE.EXE-06937079.pf
15.07.2009  21:43            65.182 UPDATE.EXE-33377EDB.pf
15.07.2009  21:43            52.152 UPDATE.EXE-05FCCB53.pf
15.07.2009  21:25            26.156 MBAM-SETUP[2].TMP-02F26FC2.pf
15.07.2009  21:25            19.112 MBAM-SETUP[2].EXE-0408816B.pf
15.07.2009  21:20            16.622 NET.EXE-01A53C2F.pf
15.07.2009  21:20            23.192 MOFCOMP.EXE-01718E95.pf
15.07.2009  21:20            13.780 SOFFICE.BIN-0C62DC9C.pf
15.07.2009  21:20            17.214 SERVIC~1.EXE-22757822.pf
15.07.2009  21:20            44.450 TVPSERVICE.EXE-272AD0F8.pf
15.07.2009  21:20            23.476 HP WIRELESS ASSISTANT.EXE-231BE1D2.pf
15.07.2009  21:20            20.512 SYNTPENH.EXE-3967AE36.pf
15.07.2009  20:31            20.124 MBAM-SETUP[1].TMP-33B54200.pf
15.07.2009  20:31            18.662 MBAM-SETUP[1].EXE-33BA6DBC.pf
15.07.2009  19:33            12.338 INOUPDATE.EXE-0B741B9F.pf
15.07.2009  18:55            12.780 INOUPDATE.EXE-060EB6D0.pf
15.07.2009  17:39            37.940 GOOGLETOOLBARNOTIFIER.EXE-09E6E9C6.pf
15.07.2009  15:48            60.306 INSTALLER.EXE-1B95948A.pf
30.06.2009  13:48            17.948 TASKMGR.EXE-20256C55.pf
            112 Datei(en)      5.336.946 Bytes
              0 Verzeichnis(se),  6.577.872.896 Bytes frei


----- Tasks ----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\tasks

19.07.2009  21:19            1.088 GoogleUpdateTaskMachineUA.job
19.07.2009  20:49            1.044 Google Software Updater.job
19.07.2009  20:48            1.084 GoogleUpdateTaskMachineCore.job
19.07.2009  20:46                6 SA.DAT
07.07.2009  18:31              276 AppleSoftwareUpdate.job


----- Windows/Temp -----------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\Temp

19.07.2009  20:47            3.262 3.ico
19.07.2009  20:47            3.262 2.ico
19.07.2009  20:47            3.262 1.ico
19.07.2009  20:47            16.384 Perflib_Perfdata_dfc.dat
19.07.2009  20:46                0 sqlite_XTjcgu3rnSidh5H
19.07.2009  20:46                0 CLML_AGENT_LOG1.txt
              6 Datei(en)        26.170 Bytes
              0 Verzeichnis(se),  6.577.868.800 Bytes frei

----- Temp -----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\DOKUME~1\Sebi\LOKALE~1\Temp

19.07.2009  21:57          114.688 ~DF1336.tmp
19.07.2009  20:51            1.708 jusched.log
19.07.2009  20:49            98.304 ~DF87D8.tmp
19.07.2009  20:47              158 duplmsg.txt
19.07.2009  20:47            16.384 ~DF9CD5.tmp
19.07.2009  20:46            16.384 ~DFD2B5.tmp
19.07.2009  20:46            16.384 ~DFC1B6.tmp
15.07.2009  21:25          692.496 _iu14D2N.tmp
              8 Datei(en)        956.506 Bytes
              0 Verzeichnis(se),  6.577.868.800 Bytes frei

Vielen Dank!!!!!

schöne grüße
sebastian

csae8815 20.07.2009 09:40
hab jetzt doch noch malware starten können:
hier ist das logfile:

Code:
Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2465
Windows 5.1.2600 Service Pack 2

20.07.2009 10:24:03
mbam-log-2009-07-20 (10-24-03).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|J:\|)
Durchsuchte Objekte: 250883
Laufzeit: 1 hour(s), 41 minute(s), 31 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 5
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CoreGuard (Rogue.CoreGuard2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Programme\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programme\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\Temp\uac5e23.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\uac82b3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\uace3f1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\uacf76c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programme\fbrowsingadvisor\XPCOMEvents.dll (Adware.PlayMp3z) -> Quarantined and deleted successfully.
c:\programme\contexttool\ContextHelper.dat (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\programme\contexttool\pcre3.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\programme\contexttool\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.
c:\programme\fbrowsingadvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
c:\programme\fbrowsingadvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
c:\programme\fbrowsingadvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
c:\programme\fbrowsingadvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
c:\programme\fbrowsingadvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
c:\programme\protection system\blacklist.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\programme\protection system\core.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\programme\protection system\firewall.dll (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\programme\protection system\help.ico (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\startmenü\programme\protection system\Uninstall Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
DANKE

kira 20.07.2009 13:56
hi

1.
den Quarantäne Ordner überall leeren - Antivirus bzw Anti-Spy-Programm usw
das Malwarebytes deinstallieren
Gmer kannst auch entfernen

2.
- Speichermedien wie Externe Festplatte/USB-Stick (falls vorhanden) usw bitte anschließen, halte dabei die Shift-Taste gedrückt!
- Lade das Combofix von einem der folgenden Download Spiegel herunter:
BleepingComputer - ForoSpyware
oder GeeksToGo
- Wichtig!: installiere auf den Desktop
- Antiviren, - und andere Schutz/Spyprogramme bitte deaktivieren
- Schließe jeder externe Datenträger (USB Stick und USB Festplatte etc) an dein Computer an - dabei die Shift-Taste bitte unbedingt gedrückt halten!
- Per Doppelklick die ComboFix.exe starten und den Anweisungen folgen
- Falls die Microsoft-Windows-Wiederherstellungskonsole auf dein Rechner nicht installiert ist, und wenn du direkt gefragt wirst, es zu ermöglichen stimme dem Lizenzvertrag zu. Danach erscheint ein Fenster zur Bestätigung, ansonsten wird ComboFix mit der Arbeit fortfahren
- bestätige mit "ja", damit den Suchlauf automatisch beginnen kann
Zitat:
Achtung! Während ComboFix läuft: Ab sofort die Maus nicht mehr bewegen oder/und auf dem PC irgendetwas machen!!
** Für alle die das Tool benutzen, eine gewisse Vorsicht geboten, also die Reihenfolge und Anweisungen gründlich lesen und streng einhalten!!
- wird ein Log-Datei - C:\ComboFix.txt erstellt, deren Inhalte bitte posten
** Eine bebilderte Anleitung findest Du hier: bleepingcomputer.com/combofix/Anleitung

3.
poste erneut:
Trend Micro HijackThis-Logfile
filelist.bat - den letzten sechs Monaten!

csae8815 20.07.2009 14:01
so nun schauts erst mal ganz gut aus- keine Virusmeldungen mehr...

hab nochmal den akutellsten log von Hijack this:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:50, on 20.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\HP\TVPlay\TVPService.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\SUPERAntiSpyware\3ebee47e-4da5-4eb1-bbcb-87fd7a5fa687.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.BIN
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web-mail2.uibk.ac.at/horde/imp/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TVPService] "C:\Programme\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NapsterShell] C:\Programme\Napster\napster.exe /systray
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\3ebee47e-4da5-4eb1-bbcb-87fd7a5fa687.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate1ca01331e46f1ea) (gupdate1ca01331e46f1ea) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOKUME~1\Sebi\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe

--
End of file - 12429 bytes

filelist.bat der letzten 6 Monate:

Code:

----- Root -----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\

20.07.2009  14:57                43 filelist.txt
20.07.2009  10:26            2.524 hpqp.ini
20.07.2009  10:26                40 XP_TV.ini
20.07.2009  10:26    1.071.894.528 hiberfil.sys
20.07.2009  10:26    1.610.612.736 pagefile.sys
13.07.2009  10:27            35.669 hpfr5600.log
09.03.2009  15:59        15.832.365 mp4-video-converter-softonic_5.1.2.1[1]

----- Windows --------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS

20.07.2009  14:55        1.530.927 WindowsUpdate.log
20.07.2009  10:26              159 wiadebug.log
20.07.2009  10:26                50 wiaservc.log
20.07.2009  10:26            2.048 bootstat.dat
20.07.2009  10:25            32.496 SchedLgU.Txt
17.06.2009  20:20              134 Eztoo Video To iPod Converter.ini
28.05.2009  16:19            3.488 messer.ini
10.03.2009  10:33              118 pro Eztoo Video To iPod Converter.ini
09.03.2009  15:52          115.054 GXTranscoder v2 Uninstaller.exe
17.01.2009  20:47            11.126 hpdj5600.ini
17.01.2009  20:47          237.613 hpdj5600.his

----- System  ---
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\system


----- System 32 (Achtung: Zeitfenster beachten!) ---
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\system32

15.07.2009  14:06        1.110.399 UACtdkeonqxoqlvacuyn.db
15.07.2009  14:06          761.344 wscsvc32.exe
15.07.2009  14:06          257.536 resdll.dll
15.07.2009  14:06              310 UACayjhputfpbdqpevpp.dat
30.06.2009  13:55                16 servdat.slm
30.06.2009  13:55                14 ssprs.tgz
30.06.2009  13:55              219 lsprst7.tgz
30.06.2009  13:55              205 lsprst7.dll
20.06.2009  10:50            1.158 wpa.dbl
17.06.2009  20:20                1 Eztoo Video To iPod Converter.dat
16.06.2009  16:53          119.808 t2embed.dll
16.06.2009  16:53            82.432 fontsub.dll
12.06.2009  08:27          390.384 FNTCACHE.DAT
05.06.2009  11:42        2.060.288 usbaaplrc.dll
03.06.2009  21:26        1.296.384 quartz.dll
26.05.2009  17:18            90.112 QuickTimeVR.qtx
26.05.2009  17:18            57.344 QuickTime.qts
08.05.2009  22:47          426.312 perfh007.dat
08.05.2009  22:47          410.186 perfh009.dat
08.05.2009  22:47            65.326 perfc009.dat
08.05.2009  22:47            78.940 perfc007.dat
08.05.2009  22:47          992.090 PerfStringBackup.INI
07.05.2009  17:42          346.624 localspl.dll
29.04.2009  06:42          827.392 wininet.dll
29.04.2009  06:42        1.159.680 urlmon.dll
29.04.2009  06:42          233.472 webcheck.dll
29.04.2009  06:42            44.544 pngfilt.dll
29.04.2009  06:42          671.232 mstime.dll
29.04.2009  06:42          102.912 occache.dll
29.04.2009  06:42          105.984 url.dll
29.04.2009  06:42          193.024 msrating.dll
29.04.2009  06:42          477.696 mshtmled.dll
29.04.2009  06:42        3.596.288 mshtml.dll
29.04.2009  06:42            27.648 jsproxy.dll
29.04.2009  06:42            52.224 msfeedsbs.dll
29.04.2009  06:42          459.264 msfeeds.dll
29.04.2009  06:42        1.830.912 inetcpl.cpl
29.04.2009  06:41          268.288 iertutil.dll
29.04.2009  06:41        6.066.176 ieframe.dll
29.04.2009  06:41            44.544 iernonce.dll
29.04.2009  06:41            78.336 ieencode.dll
29.04.2009  06:41          385.024 iedkcs32.dll
29.04.2009  06:41          383.488 ieapfltr.dll
29.04.2009  06:41          153.088 ieakeng.dll
29.04.2009  06:41          230.400 ieaksie.dll
29.04.2009  06:41            63.488 icardie.dll
29.04.2009  06:41          347.136 dxtmsft.dll
29.04.2009  06:41          133.120 extmgr.dll
29.04.2009  06:41          214.528 dxtrans.dll
29.04.2009  06:41          124.928 advpack.dll
28.04.2009  15:54                0 ssprs.dll
28.04.2009  11:05          389.120 html.iec
28.04.2009  11:05            13.824 ieudinit.exe
28.04.2009  11:05            70.656 ie4uinit.exe
25.04.2009  07:26          161.792 ieakui.dll
19.04.2009  22:06        1.846.784 win32k.sys
15.04.2009  17:29          583.168 rpcrt4.dll
15.04.2009  11:56          374.272 xpsp3res.dll
21.03.2009  16:20        1.059.840 kernel32.dll
09.03.2009  16:04              336 temp_0000_85-20.aok
09.03.2009  16:03              186 test.aok
06.03.2009  15:59          286.720 pdh.dll
11.02.2009  17:55              664 d3d9caps.dat
09.02.2009  13:39        2.065.280 ntkrnlpa.exe
09.02.2009  13:39        2.188.416 ntoskrnl.exe
09.02.2009  12:00          736.256 lsasrv.dll
09.02.2009  12:00          678.912 advapi32.dll
09.02.2009  12:00          401.408 rpcss.dll
09.02.2009  12:00          740.864 ntdll.dll
09.02.2009  11:48          111.104 services.exe
06.02.2009  11:54            35.328 sc.exe
04.02.2009  22:11          144.792 javaw.exe
04.02.2009  22:11            73.728 javacpl.cpl
04.02.2009  22:11          144.792 java.exe
04.02.2009  22:11          148.888 javaws.exe
04.02.2009  22:11          410.984 deploytk.dll
03.02.2009  22:08            55.808 secur32.dll

----- Prefetch -------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\Prefetch

20.07.2009  14:57            11.196 FIND.EXE-0EC32F1E.pf
20.07.2009  14:57            11.102 CMD.EXE-087B4001.pf
20.07.2009  14:57            46.904 IV_NT86.EXE-247E4DA9.pf
20.07.2009  14:56            4.830 INOUPDATE.EXE-37EF4A46.pf
20.07.2009  14:56          139.966 INODIST.EXE-1EAB7ACC.pf
20.07.2009  14:56            58.402 NOTEPAD.EXE-336351A9.pf
20.07.2009  14:55            98.836 WMIPRVSE.EXE-28F301A9.pf
20.07.2009  14:55            21.838 HIJACKTHIS.EXE-39024128.pf
20.07.2009  14:55            64.390 WUAUCLT.EXE-399A8E72.pf
20.07.2009  14:36          145.582 LOGON.SCR-151EFAEA.pf
20.07.2009  14:17            4.830 INOUPDATE.EXE-1F9959EC.pf
20.07.2009  14:10            97.650 GOOGLEUPDATE.EXE-187AE91D.pf
20.07.2009  14:09            32.896 ACRORD32INFO.EXE-30CEC19C.pf
20.07.2009  14:09            23.206 VERCLSID.EXE-3667BD89.pf
20.07.2009  14:08            64.470 EXCEL.EXE-0DC93B7A.pf
20.07.2009  13:58            16.360 RUNDLL32.EXE-451FC2C0.pf
20.07.2009  13:34            54.140 LOGONUI.EXE-0AF22957.pf
20.07.2009  13:34            18.026 HPQWA_UI.EXE-23739E7D.pf
20.07.2009  13:00            4.928 INOUPDATE.EXE-2BD478D9.pf
20.07.2009  12:49            38.698 DFRGNTFS.EXE-269967DF.pf
20.07.2009  12:49            47.754 DEFRAG.EXE-273F131E.pf
20.07.2009  12:49          661.082 Layout.ini
20.07.2009  12:31            28.222 GOOGLEUPDATERSERVICE.EXE-19F5FCF4.pf
20.07.2009  12:24            84.062 GOOGLEUPDATER.EXE-36CE3796.pf
20.07.2009  11:53            79.960 MBAM.EXE-11D8BBD8.pf
20.07.2009  11:50            19.260 SUPERANTISPYWARE.EXE-033808EC.pf
20.07.2009  10:49            99.804 RUNDLL32.EXE-2BF3472E.pf
20.07.2009  10:48          100.658 CCLEANER.EXE-065E2F3F.pf
20.07.2009  10:31            20.802 REALPLAY.EXE-39F79CBD.pf
20.07.2009  10:30          127.590 IEXPLORE.EXE-2CA9778D.pf
20.07.2009  10:29            23.576 HPQTOA~1.EXE-39311BAA.pf
20.07.2009  10:28            15.226 STCLIENT_WRAPPER.EXE-097360FB.pf
20.07.2009  10:28            71.792 HPQIMZONE.EXE-23C44CEA.pf
20.07.2009  10:27            38.386 WMIAPSRV.EXE-1E2270A5.pf
20.07.2009  10:27            63.534 DWWIN.EXE-30875ADC.pf
20.07.2009  10:27            19.604 ALG.EXE-0F138680.pf
20.07.2009  10:27            24.024 REGSVR32.EXE-25EEFE2F.pf
20.07.2009  10:27            13.768 REGEDIT.EXE-1B606482.pf
20.07.2009  10:27        1.269.896 NTOSBOOT-B00DFAAD.pf
20.07.2009  09:36          114.278 ACRORD32.EXE-0EC716D9.pf
19.07.2009  11:20            86.626 WINWORD.EXE-3395695A.pf
30.06.2009  13:48            17.948 TASKMGR.EXE-20256C55.pf
              42 Datei(en)      3.986.102 Bytes
              0 Verzeichnis(se),  6.508.138.496 Bytes frei
 
----- Tasks ----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\tasks

20.07.2009  14:10            1.088 GoogleUpdateTaskMachineUA.job
20.07.2009  12:31            1.044 Google Software Updater.job
20.07.2009  10:26            1.084 GoogleUpdateTaskMachineCore.job
20.07.2009  10:26                6 SA.DAT
07.07.2009  18:31              276 AppleSoftwareUpdate.job

----- Windows/Temp -----------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\Temp

20.07.2009  10:26                0 CLML_AGENT_LOG1.txt
20.07.2009  10:26            2.048 sqlite_ihhc8Usq2mTT4LW
20.07.2009  10:26            16.384 Perflib_Perfdata_3cc.dat
20.07.2009  08:37                0 chrome_installer.log
19.07.2009  20:47            3.262 3.ico
19.07.2009  20:47            3.262 2.ico
19.07.2009  20:47            3.262 1.ico
15.07.2009  15:50            49.152 uac73fd.tmp
15.07.2009  15:50        2.005.140 uac87e8.tmp
15.07.2009  15:49        2.691.432 uac2b70.tmp
15.07.2009  15:00            49.152 uac5c8d.tmp
15.07.2009  15:00        2.005.140 uac44b0.tmp
15.07.2009  14:59        2.691.432 uac13fb.tmp
15.07.2009  14:37            49.152 uacf662.tmp
15.07.2009  14:37        2.005.140 uacd240.tmp
15.07.2009  14:37        2.691.432 uacb2c2.tmp
15.07.2009  14:20            49.152 uacdec1.tmp
15.07.2009  14:20        2.005.140 uac84da.tmp
15.07.2009  14:19        2.691.432 uac559c.tmp
              19 Datei(en)    19.011.114 Bytes
              0 Verzeichnis(se),  6.508.134.400 Bytes frei
 
----- Temp -----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\DOKUME~1\Sebi\LOKALE~1\Temp

20.07.2009  14:55          114.688 ~DFA4C.tmp
20.07.2009  10:31            2.196 jusched.log
20.07.2009  10:28            16.384 ~DF1CE1.tmp
20.07.2009  10:27              158 duplmsg.txt
20.07.2009  10:26            16.384 ~DF9A13.tmp
20.07.2009  10:26            16.384 ~DF2163.tmp
15.07.2009  14:05          343.040 UAC3d9e.tmp
23.06.2009  11:01          158.960 SSUPDATE.EXE
              8 Datei(en)        668.194 Bytes
              0 Verzeichnis(se),  6.508.134.400 Bytes frei
Hoffe dass meine logs nun ein bißchen freundlicher ausschauen ???


LG u Danke
Sebastian

csae8815 20.07.2009 14:43
hi, voriges post von mir ist leider übers kreuz gelaufen ;)

hier jetzt das file von combofix:
Code:

ComboFix 09-07-19.04 - Sebi 20.07.2009 15:26.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.1022.556 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Sebi\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\resdll.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\UACayjhputfpbdqpevpp.dat
c:\windows\system32\UACtdkeonqxoqlvacuyn.db
c:\windows\system32\wscsvc32.exe
D:\Autorun.inf

.
(((((((((((((((((((((((  Dateien erstellt von 2009-06-20 bis 2009-07-20  ))))))))))))))))))))))))))))))
.

2009-07-20 06:40 . 2009-07-20 06:40        --------        d-----w-        c:\dokumente und einstellungen\Sebi\Anwendungsdaten\Malwarebytes
2009-07-20 06:35 . 2009-07-20 06:37        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Temp
2009-07-19 19:27 . 2009-07-19 19:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-07-19 19:25 . 2009-07-20 13:16        --------        d-----w-        c:\dokumente und einstellungen\Sebi\Anwendungsdaten\SUPERAntiSpyware.com
2009-07-19 19:25 . 2009-07-20 13:16        --------        d-----w-        c:\programme\SUPERAntiSpyware
2009-07-19 19:21 . 2009-07-19 19:21        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-15 15:26 . 2009-07-15 15:26        --------        d-----w-        c:\programme\CCleaner
2009-07-15 15:07 . 2009-07-15 15:07        --------        d-----w-        c:\programme\Trend Micro
2009-07-15 12:31 . 2009-07-15 12:31        --------        d-----w-        c:\dokumente und einstellungen\Sebi\WINDOWS
2009-07-15 08:25 . 2009-07-15 08:25        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2009-07-10 08:10 . 2009-07-10 08:10        --------        d-----w-        c:\dokumente und einstellungen\Sebi\Lokale Einstellungen\Anwendungsdaten\Temp
2009-07-10 07:50 . 2009-07-10 07:50        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2009-07-10 07:49 . 2009-07-10 07:56        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 13:14 . 2008-06-02 13:10        --------        d-----w-        c:\dokumente und einstellungen\Sebi\Anwendungsdaten\OpenOffice.org2
2009-07-20 13:10 . 2006-11-24 09:53        --------        d-----w-        c:\programme\CA
2009-07-20 13:09 . 2004-08-07 05:27        78320        ----a-w-        c:\windows\system32\perfc007.dat
2009-07-20 13:09 . 2004-08-07 05:27        425692        ----a-w-        c:\windows\system32\perfh007.dat
2009-07-17 19:54 . 2007-12-02 12:53        --------        d-----w-        c:\programme\Azureus
2009-07-15 08:48 . 2007-10-29 16:24        --------        d-----w-        c:\dokumente und einstellungen\Sebi\Anwendungsdaten\LimeWire
2009-07-10 07:52 . 2006-04-11 20:27        --------        d-----w-        c:\programme\Google
2009-06-30 11:55 . 2008-10-10 14:08        --------        d-----w-        c:\programme\SPSSEV-DE
2009-06-17 18:20 . 2009-03-10 08:22        1        ----a-w-        c:\windows\system32\Eztoo Video To iPod Converter.dat
2009-06-16 19:17 . 2007-10-09 09:06        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2009-06-16 18:37 . 2008-10-02 12:53        --------        d-----w-        c:\programme\Safari
2009-06-16 18:33 . 2009-06-16 18:32        --------        d-----w-        c:\programme\iTunes
2009-06-16 18:33 . 2009-06-16 18:32        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-16 18:32 . 2007-10-07 17:50        --------        d-----w-        c:\programme\iPod
2009-06-16 18:32 . 2007-10-09 09:06        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2009-06-16 18:30 . 2009-06-16 18:29        --------        d-----w-        c:\programme\QuickTime
2009-06-16 18:23 . 2009-06-16 18:23        75048        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:53 . 2004-08-04 08:00        82432        ----a-w-        c:\windows\system32\fontsub.dll
2009-06-16 14:53 . 2004-08-04 08:00        119808        ----a-w-        c:\windows\system32\t2embed.dll
2009-06-09 18:58 . 2009-06-09 18:45        --------        d-----w-        c:\programme\FreePDF_XP
2009-06-09 18:57 . 2009-06-09 18:57        --------        d-----w-        c:\programme\gs
2009-06-05 09:42 . 2009-04-01 10:17        2060288        ----a-w-        c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2008-10-02 13:03        39424        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:26 . 2004-08-04 08:00        1296384        ----a-w-        c:\windows\system32\quartz.dll
2009-06-03 12:29 . 2009-04-21 08:35        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft
2009-06-03 12:29 . 2009-04-21 08:35        --------        d-----w-        c:\programme\DVDVideoSoft
2009-05-30 08:57 . 2009-03-12 14:01        --------        d-----w-        c:\dokumente und einstellungen\Sebi\Anwendungsdaten\DiskAid
2009-05-28 14:12 . 2009-05-28 14:12        --------        d-----w-        c:\dokumente und einstellungen\Sebi\Anwendungsdaten\concept design
2009-05-28 14:12 . 2009-05-28 14:12        --------        d-----w-        c:\programme\concept design
2009-05-28 14:05 . 2009-05-28 13:56        --------        d-----w-        c:\programme\Messer
2009-05-07 15:42 . 2004-08-04 08:00        346624        ----a-w-        c:\windows\system32\localspl.dll
2009-04-29 04:42 . 2004-08-04 08:00        827392        ----a-w-        c:\windows\system32\wininet.dll
2009-04-29 04:41 . 2004-08-04 08:00        78336        ----a-w-        c:\windows\system32\ieencode.dll
2006-05-03 10:06 . 2007-06-08 08:41        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2007-06-08 08:41        31744        --sh--r-        c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\programme\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 68856]
"DriverUpdaterPro"="c:\programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-12-24 2878500]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\programme\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\programme\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\programme\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"TVPService"="c:\programme\HP\TVPlay\TVPService.exe" [2006-04-03 135168]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-10-15 185632]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\dokumente und einstellungen\Sebi\Startmen\Programme\Autostart\
OpenOffice.org 2.4.lnk - c:\programme\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-21 113664]
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2005-8-16 577597]
HP Photosmart Premier - Schnellstart.lnk - c:\programme\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
InterVideo WinCinema Manager.lnk - c:\programme\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-9-17 278528]
Microtek Scanner Finder.lnk - c:\programme\Microtek\ScanWizard 5\ScannerFinder.exe [2007-3-3 303104]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-12-3 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\concept design\\onlineTV 5\\onlineTV.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

R2 CyberLink Media Library Service(HP TVPlay);CyberLink Media Library Service(HP TVPlay);c:\programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe [11.09.2006 08:31 1073152]
R2 TVPCapSvc;CyberLink Background Capture Service (CBCS HP TVPlay);c:\programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe [11.09.2006 08:32 258147]
R2 TVPSched;CyberLink Task Scheduler (CTS HP TVPlay);c:\programme\HP\TVPlay\Kernel\TV\TVPSched.exe [11.09.2006 08:32 114785]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22.08.2005 11:06 231424]
S2 gupdate1ca01331e46f1ea;Google Update Service (gupdate1ca01331e46f1ea);c:\programme\Google\Update\GoogleUpdate.exe [10.07.2009 09:50 133104]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [18.05.2009 12:49 87424]
S3 MODBDA2;DiBcom MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [04.06.2005 02:56 30464]
.
Inhalt des "geplante Tasks" Ordners

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-07-20 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-10 07:49]

2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-10 07:50]

2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-10 07:50]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-NapsterShell - c:\programme\Napster\napster.exe
Notify-WgaLogon - (no file)


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://web-mail2.uibk.ac.at/horde/imp/index.php
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 15:29
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\programme\HPQ\Default Settings\cpqset.exe??????????????V?n??|?????? ???B?????????????hLC????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2009-07-20 15:34
ComboFix-quarantined-files.txt  2009-07-20 13:34

Vor Suchlauf: 6.454.702.080 Bytes frei
Nach Suchlauf: 6.531.067.904 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

192        --- E O F ---        2009-07-15 19:43

csae8815 20.07.2009 14:44
hijack log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:38, on 20.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\HP\TVPlay\TVPService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.BIN
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Programme\internet explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web-mail2.uibk.ac.at/horde/imp/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TVPService] "C:\Programme\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Programme\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate1ca01331e46f1ea) (gupdate1ca01331e46f1ea) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOKUME~1\Sebi\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Programme\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Programme\HP\TVPlay\Kernel\TV\TVPSched.exe

--
End of file - 10987 bytes

filelist.bat:

Code:

----- Root -----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\

20.07.2009  15:39                43 filelist.txt
20.07.2009  15:34            13.529 ComboFix.txt
20.07.2009  15:22              281 boot.ini
20.07.2009  15:13            2.298 hpqp.ini
20.07.2009  15:13                40 XP_TV.ini
20.07.2009  15:13    1.071.894.528 hiberfil.sys
20.07.2009  15:13    1.610.612.736 pagefile.sys
13.07.2009  10:27            35.669 hpfr5600.log
09.03.2009  15:59        15.832.365 mp4-video-converter-softonic_5.1.2.1[1]

----- Windows --------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS

20.07.2009  15:30              227 system.ini
20.07.2009  15:21            32.496 SchedLgU.Txt
20.07.2009  15:20        1.544.902 WindowsUpdate.log
20.07.2009  15:13                0 0.log
20.07.2009  15:13              159 wiadebug.log
20.07.2009  15:13                50 wiaservc.log
20.07.2009  15:13            2.048 bootstat.dat
13.07.2009  05:48          219.648 PEV.exe
17.06.2009  20:20              134 Eztoo Video To iPod Converter.ini
28.05.2009  16:19            3.488 messer.ini
20.04.2009  12:56            31.232 NIRCMD.exe
10.03.2009  10:33              118 pro Eztoo Video To iPod Converter.ini
09.03.2009  15:52          115.054 GXTranscoder v2 Uninstaller.exe
17.01.2009  20:47          237.613 hpdj5600.his
17.01.2009  20:47            11.126 hpdj5600.ini


----- System  ---
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\system
*kein eintrag*


----- System 32 (Achtung: Zeitfenster beachten!) ---
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\system32

20.07.2009  15:09          409.566 perfh009.dat
20.07.2009  15:09            64.706 perfc009.dat
20.07.2009  15:09          425.692 perfh007.dat
20.07.2009  15:09            78.320 perfc007.dat
30.06.2009  13:55                16 servdat.slm
30.06.2009  13:55                14 ssprs.tgz
30.06.2009  13:55              219 lsprst7.tgz
20.06.2009  10:50            1.158 wpa.dbl
17.06.2009  20:20                1 Eztoo Video To iPod Converter.dat
16.06.2009  16:53            82.432 fontsub.dll
16.06.2009  16:53          119.808 t2embed.dll
12.06.2009  08:27          390.384 FNTCACHE.DAT
05.06.2009  11:42        2.060.288 usbaaplrc.dll
03.06.2009  21:26        1.296.384 quartz.dll
26.05.2009  17:18            57.344 QuickTime.qts
26.05.2009  17:18            90.112 QuickTimeVR.qtx
08.05.2009  22:47          992.090 PerfStringBackup.INI
07.05.2009  17:42          346.624 localspl.dll
29.04.2009  06:42          827.392 wininet.dll
29.04.2009  06:42          233.472 webcheck.dll
29.04.2009  06:42        1.159.680 urlmon.dll
29.04.2009  06:42            44.544 pngfilt.dll
29.04.2009  06:42          102.912 occache.dll
29.04.2009  06:42          105.984 url.dll
29.04.2009  06:42          671.232 mstime.dll
29.04.2009  06:42          477.696 mshtmled.dll
29.04.2009  06:42          193.024 msrating.dll
29.04.2009  06:42        3.596.288 mshtml.dll
29.04.2009  06:42            52.224 msfeedsbs.dll
29.04.2009  06:42          459.264 msfeeds.dll
29.04.2009  06:42        1.830.912 inetcpl.cpl
29.04.2009  06:42            27.648 jsproxy.dll
29.04.2009  06:41            44.544 iernonce.dll
29.04.2009  06:41          268.288 iertutil.dll
29.04.2009  06:41        6.066.176 ieframe.dll
29.04.2009  06:41            78.336 ieencode.dll
29.04.2009  06:41          230.400 ieaksie.dll
29.04.2009  06:41          153.088 ieakeng.dll
29.04.2009  06:41          385.024 iedkcs32.dll
29.04.2009  06:41          383.488 ieapfltr.dll
29.04.2009  06:41          214.528 dxtrans.dll
29.04.2009  06:41          347.136 dxtmsft.dll
29.04.2009  06:41          124.928 advpack.dll
29.04.2009  06:41          133.120 extmgr.dll
29.04.2009  06:41            63.488 icardie.dll
28.04.2009  11:05          389.120 html.iec
28.04.2009  11:05            13.824 ieudinit.exe
28.04.2009  11:05            70.656 ie4uinit.exe
25.04.2009  07:26          161.792 ieakui.dll
19.04.2009  22:06        1.846.784 win32k.sys
15.04.2009  17:29          583.168 rpcrt4.dll
15.04.2009  11:56          374.272 xpsp3res.dll
21.03.2009  16:20        1.059.840 kernel32.dll
09.03.2009  16:04              336 temp_0000_85-20.aok
09.03.2009  16:03              186 test.aok
06.03.2009  15:59          286.720 pdh.dll
11.02.2009  17:55              664 d3d9caps.dat
09.02.2009  13:39        2.065.280 ntkrnlpa.exe
09.02.2009  13:39        2.188.416 ntoskrnl.exe
09.02.2009  12:00          736.256 lsasrv.dll
09.02.2009  12:00          678.912 advapi32.dll
09.02.2009  12:00          740.864 ntdll.dll
09.02.2009  12:00          401.408 rpcss.dll
09.02.2009  11:48          111.104 services.exe
06.02.2009  11:54            35.328 sc.exe
04.02.2009  22:11          144.792 java.exe
04.02.2009  22:11          148.888 javaws.exe
04.02.2009  22:11            73.728 javacpl.cpl
04.02.2009  22:11          144.792 javaw.exe
04.02.2009  22:11          410.984 deploytk.dll
03.02.2009  22:08            55.808 secur32.dll


----- Prefetch -------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\Prefetch

20.07.2009  15:39            11.196 FIND.EXE-0EC32F1E.pf
20.07.2009  15:39            17.384 CMD.EXE-087B4001.pf
20.07.2009  15:38            53.992 NOTEPAD.EXE-336351A9.pf
20.07.2009  15:38            76.670 WMIPRVSE.EXE-28F301A9.pf
20.07.2009  15:38            22.332 HIJACKTHIS.EXE-39024128.pf
20.07.2009  15:36            15.916 VERCLSID.EXE-3667BD89.pf
20.07.2009  15:36          131.098 IEXPLORE.EXE-2CA9778D.pf
20.07.2009  15:34            59.486 EXPLORER.EXE-082F38A9.pf
20.07.2009  15:34            14.330 IMAPI.EXE-0BF740A4.pf
20.07.2009  15:34            9.558 NIRCMD.EXE-2C39EF53.pf
20.07.2009  15:34            4.184 HANDLE.CFEXE-13427ED2.pf
20.07.2009  15:34            4.354 GREP.CFEXE-20443039.pf
20.07.2009  15:34            29.290 PV.CFEXE-0E6F2701.pf
20.07.2009  15:34            9.064 SWREG.CFEXE-2BF4FFCD.pf
20.07.2009  15:34            13.682 REGEDIT.EXE-1B606482.pf
20.07.2009  15:34            15.978 NIRCMD.CFEXE-19FF4781.pf
20.07.2009  15:34            10.524 PEV.CFEXE-29A7886F.pf
20.07.2009  15:34            4.498 SED.CFEXE-268D7E58.pf
20.07.2009  15:34            4.874 MTEE.CFEXE-1E067BC7.pf
20.07.2009  15:34            19.680 PEV.EXE-0CE2BF4A.pf
20.07.2009  15:34            11.584 CF7189.EXE-0C3B6D82.pf
20.07.2009  15:34            5.794 CHCP.COM-18156052.pf
20.07.2009  15:34            12.158 NIRCMDC.CFEXE-049E77E5.pf
20.07.2009  15:21            28.322 CSCRIPT.EXE-1C26180C.pf
20.07.2009  15:21            8.586 NIRCMDB.EXE-137B12EA.pf
20.07.2009  15:21            8.664 GREP.EXE-3309531C.pf
20.07.2009  15:21            9.930 SED.EXE-0F4B402F.pf
20.07.2009  15:21            21.000 SETPATH.CFEXE-034E3D26.pf
20.07.2009  15:21            8.868 SWREG.EXE-3560BE42.pf
20.07.2009  15:21            10.040 CATCHME.CFEXE-0F2A0789.pf
20.07.2009  15:21            10.798 FINDSTR.EXE-0CA6274B.pf
20.07.2009  15:21            9.442 REGT.CFEXE-15DB5DAE.pf
20.07.2009  15:20            11.202 PEV.EXE-0806C34B.pf
20.07.2009  15:20            3.808 GSAR.CFEXE-156760D9.pf
20.07.2009  15:20            7.408 SWSC.CFEXE-3B4FE4FE.pf
20.07.2009  15:20            5.298 FINDSTR.CFEXE-38519B93.pf
20.07.2009  15:20            7.702 COMBOFIX-DOWNLOAD.CFEXE-1D161D68.pf
20.07.2009  15:20            10.992 SORT.EXE-194AE83C.pf
20.07.2009  15:20            14.384 PING.EXE-31216D26.pf
20.07.2009  15:20            5.254 HIDEC.EXE-3818BC01.pf
20.07.2009  15:20            5.484 ATTRIB.CFEXE-07A4D3CF.pf
20.07.2009  15:20            11.152 ATTRIB.EXE-39EAFB02.pf
20.07.2009  15:20            14.846 CMD.EXECF-27E83661.pf
20.07.2009  15:20            44.436 PEV.CFEXE-26A9D6BD.pf
20.07.2009  15:20            30.060 PV.CFEXE-23E4A9A0.pf
20.07.2009  15:20            4.726 SED.CFEXE-238FCCA6.pf
20.07.2009  15:20            4.128 GREP.CFEXE-273BC5E1.pf
20.07.2009  15:20            29.710 PV.EXE-06A2AC78.pf
20.07.2009  15:20            17.376 N.PIF-1B75D06C.pf
20.07.2009  15:20            8.358 PEV.EXE-2937A365.pf
20.07.2009  15:20            9.716 NIRCMD.CFEXE-0E3F4BC2.pf
20.07.2009  15:20            8.426 NIRCMDB.EXE-143CC1C1.pf
20.07.2009  15:20            10.594 SWREG.EXE-0937BD77.pf
20.07.2009  15:20            64.646 COMBOFIX.EXE-161C45E1.pf
20.07.2009  15:20            5.608 GSAR.CFEXE-0E6FCB31.pf
20.07.2009  15:20            5.362 HIDEC.EXE-3B166DB3.pf
20.07.2009  15:20            16.276 RUNDLL32.EXE-1EE676D0.pf
20.07.2009  15:20            18.524 RUNONCE.EXE-2803F297.pf
20.07.2009  15:20            12.422 GRPCONV.EXE-111CD845.pf
20.07.2009  15:20            16.360 RUNDLL32.EXE-451FC2C0.pf
20.07.2009  15:18            20.590 REALPLAY.EXE-39F79CBD.pf
20.07.2009  15:16            41.016 SUPERANTISPYWARE.EXE-033808EC.pf
20.07.2009  15:16            86.548 MSIEXEC.EXE-2F8A8CAE.pf
20.07.2009  15:16            31.106 MSI10.TMP-361B9A6A.pf
20.07.2009  15:15            74.088 RUNDLL32.EXE-13404D23.pf
20.07.2009  15:14            24.050 REGSVR32.EXE-25EEFE2F.pf
20.07.2009  15:14            8.454 MBAMGUI.EXE-1E06AB95.pf
20.07.2009  15:14            88.290 MBAM.EXE-11D8BBD8.pf
20.07.2009  15:14            16.220 _IU14D2N.TMP-11A11631.pf
20.07.2009  15:14            19.284 UNINS000.EXE-019B5229.pf
20.07.2009  15:14            38.786 SSUPDATE.EXE-04D8CF4E.pf
20.07.2009  15:14            61.660 WUAUCLT.EXE-399A8E72.pf
20.07.2009  15:14            38.230 WMIAPSRV.EXE-1E2270A5.pf
20.07.2009  15:14            15.118 STCLIENT_WRAPPER.EXE-097360FB.pf
20.07.2009  15:14            23.456 HPQTOA~1.EXE-39311BAA.pf
20.07.2009  15:14            18.026 HPQWA_UI.EXE-23739E7D.pf
20.07.2009  15:14            19.604 ALG.EXE-0F138680.pf
20.07.2009  15:14            13.916 IPODSERVICE.EXE-233792DA.pf
20.07.2009  15:14        1.276.852 NTOSBOOT-B00DFAAD.pf
20.07.2009  15:11            53.172 LOGONUI.EXE-0AF22957.pf
20.07.2009  15:10            22.182 WMIADAP.EXE-2DF425B2.pf
20.07.2009  15:10            6.238 UNCFGENG.EXE-24FF78B9.pf
20.07.2009  15:10            6.938 UNCFGENG.EXE-33701BDF.pf
20.07.2009  15:10            77.972 GOOGLEUPDATE.EXE-187AE91D.pf
20.07.2009  15:09            15.544 UNLODCTR.EXE-37313252.pf
20.07.2009  14:57            46.904 IV_NT86.EXE-247E4DA9.pf
20.07.2009  14:56            4.830 INOUPDATE.EXE-37EF4A46.pf
20.07.2009  14:56          139.966 INODIST.EXE-1EAB7ACC.pf
20.07.2009  14:36          145.582 LOGON.SCR-151EFAEA.pf
20.07.2009  14:17            4.830 INOUPDATE.EXE-1F9959EC.pf
20.07.2009  14:09            32.896 ACRORD32INFO.EXE-30CEC19C.pf
20.07.2009  14:08            64.470 EXCEL.EXE-0DC93B7A.pf
20.07.2009  13:00            4.928 INOUPDATE.EXE-2BD478D9.pf
20.07.2009  12:49            38.698 DFRGNTFS.EXE-269967DF.pf
20.07.2009  12:49            47.754 DEFRAG.EXE-273F131E.pf
20.07.2009  12:49          661.082 Layout.ini
20.07.2009  12:31            28.222 GOOGLEUPDATERSERVICE.EXE-19F5FCF4.pf
20.07.2009  12:24            84.062 GOOGLEUPDATER.EXE-36CE3796.pf
20.07.2009  10:49            99.804 RUNDLL32.EXE-2BF3472E.pf
20.07.2009  10:48          100.658 CCLEANER.EXE-065E2F3F.pf
20.07.2009  10:28            71.792 HPQIMZONE.EXE-23C44CEA.pf
20.07.2009  10:27            63.534 DWWIN.EXE-30875ADC.pf
20.07.2009  09:36          114.278 ACRORD32.EXE-0EC716D9.pf
19.07.2009  11:20            86.626 WINWORD.EXE-3395695A.pf
30.06.2009  13:48            17.948 TASKMGR.EXE-20256C55.pf
            105 Datei(en)      5.033.738 Bytes
              0 Verzeichnis(se),  6.559.715.328 Bytes frei
 
----- Tasks ----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\tasks

20.07.2009  15:34                6 SA.DAT
20.07.2009  15:13            1.044 Google Software Updater.job
20.07.2009  15:13            1.084 GoogleUpdateTaskMachineCore.job
20.07.2009  15:10            1.088 GoogleUpdateTaskMachineUA.job
07.07.2009  18:31              276 AppleSoftwareUpdate.job


----- Windows/Temp -----------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\WINDOWS\Temp

20.07.2009  15:13            2.048 sqlite_HrX9jgqHHtK1od6
20.07.2009  15:13                0 CLML_AGENT_LOG1.txt
20.07.2009  15:13            16.384 Perflib_Perfdata_230.dat
              3 Datei(en)        18.432 Bytes
              0 Verzeichnis(se),  6.559.711.232 Bytes frei
 
----- Temp -----------------------------
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5F93-246D

 Verzeichnis von C:\DOKUME~1\Sebi\LOKALE~1\Temp

20.07.2009  15:38          114.688 ~DFD633.tmp
20.07.2009  15:14            16.384 ~DF58CE.tmp
20.07.2009  15:13            16.384 ~DF497E.tmp
20.07.2009  15:13            16.384 ~DF490C.tmp
              4 Datei(en)        163.840 Bytes
              0 Verzeichnis(se),  6.559.711.232 Bytes frei
DANKE!

kira 21.07.2009 12:54
hi

1.
jetzt noch ein wenig Schönheitskorrektur;)
starte HijackThis--> wähle "config --> dann misc tools --> und delete a file on reboot"--> wähle die zu löschende datei (sehe der Inhalt dieser Code-Box), die frage zum neustart mit NEIN beantworten, wieder delete a file on reboot wählen, nächste datei auswählen usw., bis du die letzte dateie ausgewählt hast, nun antwortest du auf die frage zum neustart mit JA
>> Text kopieren und einfügen (oder "Durchsuchen")::
Code:
C:\hpqp.ini
C:\WINDOWS\system32\servdat.slm
C:\WINDOWS\system32\ssprs.tgz
C:\WINDOWS\system32\lsprst7.tgz
2.
- SUPERAntiSpyware deinstallieren
- CombiFix entfernen:
Start --> Ausführen -->Kopiere rein Combofix /u --> OK
Entferne auf C:\ Qoobox (falls noch vorhanden) -->Papierkorb leeren

3.
alle Anwendungen, Browser schließen -> Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind, nicht löschbar.
  • Start -> ausführen "cleanmgr" reinschreiben ohne "" -> "ok" - die Temporary Files, Temporary Internet Files, und der Papierkorb (Recycle Bin) muss geleert werden-> "Ok"
  • [b]Start -> ausführen -> %temp% reinschreiben ohne ""-> "Ok"
  • für jedes Benutzerkonto bitte durchführen
  • anschließend den Papierkorb leeren

4.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

5.
Den kompletten Rechner zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online - Scanner - wähle "My Computer" aus:
im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- speichere die Ergebnis als *.txt Datei und poste das Logfile des Scans

csae8815 22.07.2009 15:47
hi,

danke für die tipps.

hab alles gemacht- hier noch der Scan von kaspersky:

Code:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
 Wednesday, July 22, 2009
 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
 Kaspersky Online Scanner  version: 7.0.26.13
 Program database last update: Wednesday, July 22, 2009 09:45:22
 Records in database: 2512505
--------------------------------------------------------------------------------

Scan settings:
        Scan using the following database: extended
        Scan archives: yes
        Scan mail databases: yes

Scan area - My Computer:
        C:\
        D:\
        E:\
        F:\

Scan statistics:
        Files scanned: 157214
        Threat name: 1
        Infected objects: 4
        Suspicious objects: 0
        Duration of the scan: 04:54:33


File name / Threat name / Threats count
C:\ADM- Wildfire\PTC\admWILDFIRE\Hilfsprogramme\VNC-Viewer\vnc-3.3.3r9_x86_win32.zip        Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333        1
C:\ADM- Wildfire\PTC\Unterlagen\admWILDFIRE\Hilfsprogramme\VNC-Viewer\vnc-3.3.3r9_x86_win32.zip        Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333        1
C:\ADM-Wildfire+crack+\PTC\admWILDFIRE\Hilfsprogramme\VNC-Viewer\vnc-3.3.3r9_x86_win32.zip        Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333        1
C:\ADM-Wildfire+crack+\PTC\Unterlagen\admWILDFIRE\Hilfsprogramme\VNC-Viewer\vnc-3.3.3r9_x86_win32.zip        Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333        1

The selected area was scanned.

Danke!

kira 22.07.2009 18:34
das hier sieht unschön aus:

Code:
C:\ADM- Wildfire\PTC\admWILDFIRE\Hilfsprogramme\VNC-Viewer\vnc-3.3.3r9_x86_win32.zip        Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333        1
C:\ADM- Wildfire\PTC\Unterlagen\admWILDFIRE\Hilfsprogramme\VNC-Viewer\vnc-3.3.3r9_x86_win32.zip        Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333        1
C:\ADM-Wildfire+crack+\PTC\admWILDFIRE\Hilfsprogramme\VNC-Viewer\vnc-3.3.3r9_x86_win32.zip        Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333        1
C:\ADM-Wildfire+crack+\PTC\Unterlagen\admWILDFIRE\Hilfsprogramme\VNC-Viewer\vnc-3.3.3r9_x86_win32.zip        Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333        1
Cracks, Serial Numbers, Keygens, Patches, Warez...wenn du deinen Rechner mit Malware infizierst:rolleyes:
Eine saubere Lösung des Problems ist: Windows komplett neu zu installieren und hoffentlich hast du was draus gelernt und in Zukunft lässt Du die Finger davon!

*Ich kann nicht alle Menschen ändern, da endet meine Verantwortung...*

csae8815 22.07.2009 20:18
hi coverflow,

erstmal danke für deine Bemühungen. JA ich weiß ich war zu unvorsichtig mit den ganzen Sachen.. hab daraus gelernt.

Vielen Dank für die vielen guten hilfreichen tipps und anweisungen!

Grüße
Sebastian


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131