Virus infestation

This thread "virenbefall" in the forum "Viruses, Trojans, Spyware etc." was created by streetpirat, 9 Apr 2008.


  1. I have a huge virus infestation, can anyone help me?
    Scanning with Trend Micro HijackThis v2.0.2 produced the following log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:19:14, on 09.04.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programme\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Programme\Launch Manager\OSDCtrl.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Programme\Launch Manager\Wbutton.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Programme\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programme\Windows Defender\MSASCui.exe
    C:\Programme\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Dokumente und Einstellungen\reto\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CNIS300H\HiJackThis202[1].exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {0242BF34-3089-4EC2-8D0B-D24BC9537A65} - C:\WINDOWS\system32\ddcyw.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\qomljgg.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Programme\WinMediaCodec\iesplugin.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe
    O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe
    O4 - HKLM\..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [osCheck] C:\Programme\Norton AntiVirus\osCheck.exe
    O4 - HKLM\..\Run: [BM032a16bd] Rundll32.exe C:\WINDOWS\system32\kwhprosa.dll,s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NoDNS] C:\Programme\\NoDNS\\NoDNS.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Dokumente und Einstellungen\reto\Anwendungsdaten\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Dokumente und Einstellungen\reto\Anwendungsdaten\Microsoft\Windows\rayiou.exe
    O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Programme\WinMediaCodec\pmsngr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Programme\Video ActiveX Access\iesmn.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: An Mindjet MindManager senden - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.giga.de/giga-stream-test/Rawflow.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://streetpirat.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://streetpirat.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
    O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\system32\svshost.dll (file missing)
    O22 - SharedTaskScheduler: haruspicy - {60dea04c-9817-4309-bfa2-f8a1766c3cd1} - (no file)
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: GMX Browser Update (AdminSVC) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
    
    --
    End of file - 15396 bytes

    Thanks a lot
    Regards, reto
     
  2. So, have you already scanned for viruses and trojans, or is HijackThis all you have come up with so far?

    A small selection:
    Logfile of Trend Micro HijackThis v2.0.2
    http://www.wintotal.de/Spyware/index.php

    http://www.spywareremove.com/removeddcywdll.html
    http://www.entfernen-spyware.de/wintouch-entfernen.html

    Take care of:
    ddcyw.dll
    wintouch.exe
    rayiou.exe
    pmsngr.exe
    iesmn.exe

    My conclusion:
    http://www.trojaner-board.de/12154-...s-systems-und-anschliessende-absicherung.html

    And afterwards, think about your surfing and clicking habits.....


    And those did not all arrive with a single click....
    You also don't have to download a codec for every video that happens to be cool right now.... ;)
     
  3. Hello,

    1.
    Delete (fix) with HijackThis
    Click: Do a system scan only
    Put a check mark in the box in front of the named entry
    and choose fix checked. + restart the computer.
    2.
    Run smitfraudfix (option 2 - can be in normal mode) - post the report here
    http://virus-protect.org/artikel/tools/smitfrautfix.html

    3.
    Run CCleaner + delete temp files
    http://virus-protect.org/ccleaner.html

    4.
    Run sdfix (must be in safe mode) + post the report after the restart
    http://virus-protect.org/artikel/tools/sdfix.html

    5.
    Run Combofix (click away the warning message) + post the report here
    http://virus-protect.org/artikel/tools/combofix.html
     
  4. @streetpirat
    Would you please give feedback ;)

    pan_fee
     
  5. Sorry, I was on holiday. Thanks a lot for the info, but after this time the log file looks completely different:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:22:59, on 28.04.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
    C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programme\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Programme\Launch Manager\OSDCtrl.exe
    C:\Programme\Launch Manager\Wbutton.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Programme\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programme\Windows Defender\MSASCui.exe
    C:\Programme\iTunes\iTunesHelper.exe
    C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe
    O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe
    O4 - HKLM\..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    O4 - HKLM\..\Run: [osCheck] C:\Programme\Norton AntiVirus\osCheck.exe
    O4 - HKLM\..\Run: [00192521] rundll32.exe C:\WINDOWS\system32\tmslkqns.dll,b
    O4 - HKLM\..\Run: [BM032a16bd] Rundll32.exe C:\WINDOWS\system32\pihrmqgd.dll,s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: An Mindjet MindManager senden - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.giga.de/giga-stream-test/Rawflow.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://streetpirat.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://streetpirat.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: GMX Browser Update (AdminSVC) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
    
    --
    End of file - 14120 bytes
    Can anyone help me?
    The problem started when I tried to download an add-on for an Adobe program, which turned out to be a virus.

    Thanks :)
     
  6. Hello,

    «
    Run CCleaner + delete the temp files
    http://virus-protect.org/ccleaner.html

    «
    Delete (fix) with HijackThis
    Click: Do a system scan only
    Tick the box in front of the listed entry
    and choose Fix checked. + Restart the computer.
    Run ComboFix (dismiss the warning message) + post the report here
    http://virus-protect.org/artikel/tools/combofix.html
     
  7. Thank you very much :)
    I have done everything.
    Here is the ComboFix log (it is split across 2 posts):
     
  8. ComboFix 08-04-28.2 - reto 2008-04-29 20:12:45.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.41.1031.18.385 [GMT 2:00]
    ausgeführt von:: C:\Dokumente und Einstellungen\reto\Desktop\ComboFix.exe
    * Neuer Wiederherstellungspunkt wurde erstellt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Dokumente und Einstellungen\reto\Anwendungsdaten\ICROSO~1
    C:\Dokumente und Einstellungen\reto\Anwendungsdaten\ICROSO~1\?icrosoft\
    C:\Dokumente und Einstellungen\reto\Anwendungsdaten\WinTouch
    C:\Dokumente und Einstellungen\reto\Anwendungsdaten\WinTouch\wintouch.cfg
    C:\Programme\CPV
    C:\Programme\Helper
    C:\Programme\NoDNS
    C:\Programme\NoDNS\UnInstall.exe
    C:\Programme\nvcoi
    C:\Programme\nvcoi\mst.stt
    C:\Programme\Temporary
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\regedit.com
    C:\WINDOWS\system32\djrjryqg.ini
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\envhfdxc.ini
    C:\WINDOWS\system32\fgummrug.ini
    C:\WINDOWS\system32\grdkuawb.ini
    C:\WINDOWS\system32\homvawry.ini
    C:\WINDOWS\system32\HQAGOnmp.ini
    C:\WINDOWS\system32\hqubetsy.ini
    C:\WINDOWS\system32\ivqicqjw.dll
    C:\WINDOWS\system32\jfjxsnja.ini
    C:\WINDOWS\system32\jfjxsnja.ini2
    C:\WINDOWS\system32\jfjxsnja.tmp
    C:\WINDOWS\system32\kwhprosa.dll
    C:\WINDOWS\system32\lfkplpmm.ini
    C:\WINDOWS\system32\lmhcnfbu.ini
    C:\WINDOWS\system32\oqisqcam.ini
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\rckyjbhq.dll
    C:\WINDOWS\system32\snqklsmt.ini
    C:\WINDOWS\system32\stmafolb.ini
    C:\WINDOWS\system32\taskmgr.com
    C:\WINDOWS\system32\totlbjjp.ini
    C:\WINDOWS\system32\tvewneck.dll
    C:\WINDOWS\system32\vnesuyhb.ini
    C:\WINDOWS\system32\WanPacket.dll
    C:\WINDOWS\system32\wkpxixva.ini
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\wtktjksn.ini
    C:\WINDOWS\system32\wycdd.ini
    C:\WINDOWS\system32\wycdd.ini2
    C:\WINDOWS\system32\yrwavmoh.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((( Dateien erstellt von 2008-03-28 bis 2008-04-29 ))))))))))))))))))))))))))))))
    .

    2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Dokumente und Einstellungen\TEMP
    2008-04-29 19:58 . 2008-04-29 19:58 <DIR> d-------- C:\Programme\CCleaner
    2008-04-28 20:21 . 2008-04-28 20:21 <DIR> d-------- C:\Programme\Microsoft SQL Server Compact Edition
    2008-04-28 20:19 . 2008-04-28 20:19 <DIR> d-------- C:\Programme\Windows Live Favorites
    2008-04-28 20:18 . 2008-04-28 20:18 <DIR> d-------- C:\Programme\Windows Live Toolbar
    2008-04-28 20:05 . 2008-04-28 20:05 <DIR> d-------- C:\Programme\Windows Live
    2008-04-28 20:05 . 2008-04-28 20:05 <DIR> d--hs---- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
    2008-04-28 20:04 . 2008-04-28 20:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
    2008-04-22 20:19 . 2008-04-22 20:19 127 --a------ C:\WINDOWS\system32\MRT.INI
    2008-04-16 17:00 . 2008-04-17 23:25 156 --a------ C:\WINDOWS\Twunk001.MTX
    2008-04-16 17:00 . 2008-04-17 23:25 3 --a------ C:\WINDOWS\Twain001.Mtx
    2008-04-16 17:00 . 2008-04-16 17:00 0 --a------ C:\WINDOWS\Twunk002.MTX
    2008-04-14 21:21 . 2008-04-09 21:55 203 --a------ C:\bootini.uns
    2008-04-14 20:16 . 2008-04-14 20:16 <DIR> d-------- C:\Programme\Trend Micro
    2008-04-13 15:03 . 2008-04-13 15:03 <DIR> d-------- C:\Programme\Microids
    2008-04-10 20:26 . 2008-04-10 20:26 58,760 --a------ C:\symlcsv1.exe
    2008-04-09 22:00 . 2008-04-09 22:02 8,546,530 --a------ C:\WINDOWS\REGBK00.ZIP
    2008-04-09 21:59 . 2008-04-09 21:59 <DIR> d-------- C:\PUB
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\MicroWorld
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Vorlagen
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Startmen
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Favoriten
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Dokumente
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice\Anwendungsdaten
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\remoteservice
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Vorlagen
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Startmen
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Favoriten
    2008-04-09 21:55 . 2008-04-09 21:55 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Dokumente
    2008-04-09 21:55 . 2007-04-19 19:37 1,044,480 --a------ C:\WINDOWS\system32\contfilt.dll
    2008-04-09 21:55 . 2004-08-04 05:00 153,600 --a------ C:\WINDOWS\R.COM
    2008-04-09 21:55 . 2004-08-04 05:00 140,800 --a------ C:\WINDOWS\system32\T.COM
    2008-04-09 21:55 . 2007-04-17 16:18 126,976 --a------ C:\WINDOWS\system32\mwnsp.dll
    2008-04-09 21:55 . 2008-04-09 21:55 106,692 --a------ C:\WINDOWS\winsbak2.reg
    2008-04-09 21:55 . 2007-05-03 12:26 43,520 --a------ C:\WINDOWS\killproc.exe
    2008-04-09 21:55 . 2008-04-09 21:55 14,866 --a------ C:\WINDOWS\winsbak.reg
    2008-04-09 21:54 . 2008-04-09 21:54 <DIR> d-------- C:\WINDOWS\system32\FLCSS.EXE
    2008-04-09 21:54 . 2007-04-17 16:21 356,352 --a------ C:\WINDOWS\system32\mwtsp.dll
    2008-04-09 21:54 . 2000-04-03 22:00 130,560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL
    2008-04-09 21:54 . 2005-10-09 18:53 125,440 --a------ C:\WINDOWS\system32\UNZDLL.DLL
    2008-04-09 21:54 . 2007-04-17 16:21 44,032 --a------ C:\WINDOWS\inst_tsp.exe
    2008-04-09 21:54 . 1997-09-18 06:12 9,488 --a------ C:\WINDOWS\sporder.dll
    2008-04-09 21:54 . 1997-09-18 06:12 7,680 --a------ C:\WINDOWS\sporder.exe
    2008-04-09 20:32 . 2008-04-09 20:33 714 ---hs---- C:\WINDOWS\system32\hjpnebsp.ini
    2008-04-08 20:55 . 2008-04-09 20:33 714 ---hs---- C:\WINDOWS\system32\hctmbvcj.ini
    2008-04-08 20:44 . 2008-04-08 20:52 354 ---hs---- C:\WINDOWS\system32\tsuvhkgb.ini
    2008-04-07 19:44 . 2008-04-08 19:38 594 ---hs---- C:\WINDOWS\system32\woxtdhes.ini
    2008-04-07 19:33 . 2008-04-07 19:33 354 ---hs---- C:\WINDOWS\system32\esdcdmqi.ini
    2008-04-01 20:34 . 2008-04-01 20:34 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Softwin
    2008-04-01 20:27 . 2008-04-07 19:32 714 ---hs---- C:\WINDOWS\system32\owdhicdr.ini
    Created on: 29.04.08 at 19:42:31
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 17:39 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-03-27 20:57 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-03-27 20:57 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-03-27 20:57 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-03-27 20:57 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-03-27 19:22 --------- d-----w C:\Programme\Norton AntiVirus
    2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-15 15:38 --------- d-----w C:\Dokumente und Einstellungen\Nicole\Anwendungsdaten\Corel
    2008-03-01 16:24 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-03-01 12:54 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2008-03-01 12:54 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-03-01 12:54 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2008-03-01 12:54 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-03-01 12:54 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-03-01 12:54 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2008-03-01 12:54 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2008-03-01 12:54 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2008-03-01 12:54 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2008-03-01 12:54 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:54 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:33 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-05-26 15:46 93,032 ----a-w C:\Dokumente und Einstellungen\reto\Anwendungsdaten\GDIPFONTCACHEV1.DAT
    2006-09-26 15:37 303,104 ----a-w C:\Programme\WinCinemaMgr.exe
    2006-09-26 15:37 13 ----a-w C:\Programme\Sansa Media Converter.exe.local
    2006-09-26 15:34 978,944 ----a-w C:\Programme\Sansa Media Converter.exe
    2006-09-26 15:33 69,632 ----a-w C:\Programme\ScaleX.ax
    2006-09-26 15:32 73,728 ----a-w C:\Programme\MP4Mux.dll
    2006-09-26 15:32 32,768 ----a-w C:\Programme\DsReadWrite.dll
    2006-09-26 15:31 466,944 ----a-w C:\Programme\iviIPL.dll
    2006-09-26 15:31 229,376 ----a-w C:\Programme\iviSurface.dll
    2006-09-26 15:31 110,592 ----a-w C:\Programme\iviWaveDump.ax
    2006-09-26 15:27 45,056 ----a-w C:\Programme\NullVideo.ax
    2006-09-26 15:26 45,056 ----a-w C:\Programme\NullAudio.ax
    2006-09-26 15:26 192,512 ----a-w C:\Programme\IviColorSpace.ax
    2006-09-26 15:26 102,400 ----a-w C:\Programme\KeepRatio.ax
    2006-09-26 15:24 36,864 ----a-w C:\Programme\DSProfileGen.dll
    2006-09-26 15:23 81,920 ----a-w C:\Programme\iviDivxSubtitleDump.ax
    2006-09-26 15:23 73,728 ----a-w C:\Programme\iviQTWriter.ax
    2006-09-26 15:23 69,632 ----a-w C:\Programme\iviQTsource.ax
    2006-09-26 15:23 49,152 ----a-w C:\Programme\iviDVDSPICDEC.ax
    2006-09-26 15:23 192,512 ----a-w C:\Programme\IVIH264VENC.ax
    2006-09-26 15:22 217,088 ----a-w C:\Programme\Write3g.ax
    2006-09-26 15:21 188,416 ----a-w C:\Programme\AmrEnc.ax
    2006-09-26 15:21 172,032 ----a-w C:\Programme\AmrDec.ax
    2006-09-26 15:21 131,072 ----a-w C:\Programme\Source3g.ax
    2006-09-26 15:16 499,712 ----a-w C:\Programme\iviIPLW7.dll
    2006-09-26 15:16 491,520 ----a-w C:\Programme\iviIPLA6.dll
    2006-09-26 15:16 466,944 ----a-w C:\Programme\iviIPLPX.dll
    2006-09-26 15:16 442,368 ----a-w C:\Programme\iviIPLP6.dll
    2006-09-26 15:16 434,176 ----a-w C:\Programme\iviIPLM6.dll
    2006-09-26 15:16 421,888 ----a-w C:\Programme\iviIPLM5.dll
    2006-09-26 15:05 98,304 ----a-w C:\Programme\DiscRead.ax
    2006-09-26 15:05 135,168 ----a-w C:\Programme\dmc.dll
    2006-09-26 15:02 98,304 ----a-w C:\Programme\StorageTools.dll
    2006-09-26 15:01 974,848 ----a-w C:\Programme\dm.dll
    2006-08-30 15:33 8,903 ----a-w C:\Programme\License.txt
    2006-08-28 06:36 159,744 ----a-w C:\Programme\DeviceManager.dll
    2006-08-26 02:03 422,638 ----a-w C:\Programme\Sansa Media Converter.chm
    2006-08-18 11:32 37,174 ----a-w C:\Programme\MobileDevConfig2.xml
    2006-08-18 11:31 37,534 ----a-w C:\Programme\MobileDevConfig.xml
    2006-07-27 11:00 267 ----a-w C:\Programme\DeviceConfig.xml
    2006-07-12 14:21 393,285 ----a-w C:\Programme\MP4VENC.ax
    2006-07-07 12:23 573,440 ----a-w C:\Programme\H264enc_r.dll
    2006-04-06 18:42 1,478,656 ----a-w C:\Programme\IVInav.ax
    2005-11-25 16:40 3,286 ----a-w C:\Programme\divx6subpic_highlight.bmp
    2005-11-25 16:40 19,062 ----a-w C:\Programme\divx6subpic_normal.bmp
    2005-11-22 13:33 3,286 ----a-w C:\Programme\divx6pre_highlight.bmp
    2005-11-22 13:32 3,286 ----a-w C:\Programme\divx6next_highlight.bmp
    2005-11-22 13:30 3,286 ----a-w C:\Programme\divx6audio_highlight.bmp
    2005-11-09 14:40 81,920 ----a-w C:\Programme\aviwriter.ax
    2005-11-09 09:27 131,072 ----a-w C:\Programme\DMFCreate.ax
    2005-11-04 16:28 94,208 ----a-w C:\Programme\aviMux.dll
    2005-10-14 08:05 3,813,376 ----a-w C:\Programme\IVIVIDEO.ax
    2005-08-15 11:52 10,872 ----a-w C:\Programme\divx6window_on.bmp
    2005-07-14 18:24 19,062 ----a-w C:\Programme\divx6audio_normal.bmp
    2005-07-01 11:17 188,493 ----a-w C:\Programme\ivimux.ax
    2005-07-01 11:17 1,044,559 ----a-w C:\Programme\iviaenc.ax
    2005-05-25 15:22 1,167,360 ----a-w C:\Programme\divxenc.ax
    2005-04-13 12:44 64,566 ----a-w C:\Programme\divx6window_normal.bmp
    2005-04-12 18:23 19,062 ----a-w C:\Programme\divx6pre_normal.bmp
    2005-04-12 18:23 19,062 ----a-w C:\Programme\divx6next_normal.bmp
    2005-04-08 13:42 46,976 ----a-w C:\Programme\empty.bmp
    2005-04-08 13:42 166,116 ----a-w C:\Programme\disc_pal.bmp
    2005-04-08 13:42 1,036,856 ----a-w C:\Programme\background.bmp
    2005-04-08 13:41 166,116 ----a-w C:\Programme\disc_ntsc.bmp
    2005-03-23 15:14 307,305 ----a-w C:\Programme\IVIdemux.ax
    2005-03-15 20:26 67,327 ----a-w C:\Programme\dm.inf
    2005-02-16 09:15 921,654 ----a-w C:\Programme\divx6backgroud.bmp
    2004-07-20 16:15 81,920 ----a-w C:\Programme\ippvc20.dll
    2003-08-18 00:52 1,036,856 ----a-w C:\Programme\mdvd_base.bmp
    .

    (((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
    2007-05-18 00:05 71184 -ra------ C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 05:00 15360]
    swg=C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    SynTPEnh=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 16:32 761945]
    RTHDCPL=RTHDCPL.EXE [2006-01-11 17:23 15961088 C:\WINDOWS\RTHDCPL.exe]
    AzMixerSel=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 19:51 53248]
    AGRSMMSG=AGRSMMSG.exe [2005-09-09 11:20 88203 C:\WINDOWS\AGRSMMSG.exe]
    ntiMUI=C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 17:15 45056]
    IMJPMIG8.1=C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe [2004-08-04 05:00 208952]
    MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 05:00 59392]
    PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [2004-08-04 05:00 455168]
    PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [2004-08-04 05:00 455168]
    NvCplDaemon=C:\WINDOWS\system32\NvCpl.dll [2006-01-19 00:43 7397376]
    NvMediaCenter=C:\WINDOWS\system32\NvMcTray.dll [2006-01-19 00:43 86016]
    PCMService=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2006-03-23 00:12 151552]
    LMgrOSD=C:\Programme\Launch Manager\OSDCtrl.exe [2005-07-25 10:45 241664]
    Wbutton=C:\Programme\Launch Manager\Wbutton.exe [2006-04-20 09:23 86016]
    eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 15:00 345088]
    ePower_DMC=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-03-30 18:47 421888]
    Boot=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 22:12 579584]
    Acer ePresentation HPD=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 16:39 204800]
    eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-04-28 16:43 401408]
    LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE [2006-04-06 19:22 225280]
    LogitechCameraAssistant=C:\Programme\Acer\OrbiCam\CameraAssistant.exe [2006-04-06 19:00 331776]
    LogitechVideo[inspector]=C:\Programme\Acer\OrbiCam\InstallHelper.exe [2006-04-06 19:06 73728]
    LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 18:22 262144]
    ImageItEncrypt=C:\WINDOWS\system32\ImageItEncrypt.exe [2005-12-30 14:02 40960]
    SunJavaUpdateSched=C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 04:25 144784]
    Windows Defender=C:\Programme\Windows Defender\MSASCui.exe [2006-11-03 18:20 866584]
    pdfSaver3= []
    QuickTime Task=C:\Programme\QuickTime\qttask.exe [2007-12-11 10:56 286720]
    iTunesHelper=C:\Programme\iTunes\iTunesHelper.exe [2007-12-11 12:10 267048]
    Adobe Photo Downloader=C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-23 20:33 57344]
    osCheck=C:\Programme\Norton AntiVirus\osCheck.exe [2007-01-14 00:11 771704]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 05:00 15360]
    DWQueuedReporting=C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe [2007-02-26 09:01 437160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    SynchronousMachineGroupPolicy= 0 (0x0)
    SynchronousUserGroupPolicy= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    {56F9679E-7826-4C84-81F3-532071A8BCC5}= C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    msacm.mkdmp3enc= C:\PROGRA~2\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    AntiVirusDisableNotify=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    DisableMonitoring=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    DisableMonitoring=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    DisableMonitoring=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    EnableFirewall= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    %windir%\\system32\\sessmgr.exe=
    C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe=
    C:\\Programme\\Internet Explorer\\IEXPLORE.EXE=
    %windir%\\Network Diagnostic\\xpnetdiag.exe=
    C:\\Programme\\Zattoo\\zattood.exe=
    C:\\Programme\\Zattoo\\Zattoo.exe=
    C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\GMX\\gmx_Update.exe=
    C:\\Programme\\Azureus\\Azureus.exe=
    C:\\Programme\\Zattoo\\Zattoo1.exe=
    C:\\Programme\\Skype\\Phone\\Skype.exe=
    C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE=
    C:\\Programme\\Microsoft Office\\Office12\\groove.exe=
    C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE=
    C:\\Programme\\uTorrent\\uTorrent.exe=
    C:\\Programme\\Bonjour\\mDNSResponder.exe=
    C:\\Programme\\iTunes\\iTunes.exe=
    C:\\PROGRA~1\\GEMEIN~1\\MICROW~1\\Agent\\MWAGENT.EXE=
    C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe=
    C:\\Programme\\Windows Live\\Messenger\\livecall.exe=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    5900:TCP= 5900:TCP:vnc5900
    5800:TCP= 5800:TCP:vnc5800

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
    R2 AdminSVC;GMX Browser Update;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe [2006-10-31 07:04]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
    R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30]
    R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30]
    R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30]
    R3 Bonifay;Bonifay;C:\WINDOWS\system32\DRIVERS\Bonifay.sys [2005-01-13 15:22]
    R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 09:46]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
    R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
    R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
    S3 TridDev;Freecom USB Hybrid TV Device;C:\WINDOWS\system32\DRIVERS\Triddev.sys [2005-04-26 22:01]
    S3 TridVid;Freecom USB Hybrid TV Receiver;C:\WINDOWS\system32\DRIVERS\TridVid.sys [2006-07-14 10:39]

    .
    Inhalt des geplante Tasks Ordners
    2008-04-29 18:23:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Programme\Windows Defender\MpCmdRun.exe
    2008-04-29 18:10:04 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
     
  9. Hello,

    ««
    Virustotal http://www.virustotal.com/flash/index_en.html

    C:\symlcsv1.exe


    Click Browse --> select the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click Send file... now wait - then select the text with the right mouse button -> copy it here

    ---------------------------------------------------------------------------

    ««
    Start - Run - regedit

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    AntiVirusDisableNotify=dword:00000001 - change to 0

    Right-click the AntiVirusDisableNotify entry

    Remove the 1 and type 0, then save

    ---------------------------------------------------------

    2.
    http://virus-protect.org/artikel/tools/otmoveIt.html
    Open: OTMoveIt.exe
    OTMoveIt: paste into the left pane, where it says: Paste List of Files/Folders to Move
    Click the red MoveIt!

    -----------------------------------------------------

    3.
    Restart the PC

    --------------------------------------------------

    4.
    Start - Run - paste in: Combofix /U
    - click OK

    -------------------------------------------------

    5.
    Scan with Malwarebytes, have it remove everything it still finds + post the report here
    http://virus-protect.org/artikel/tools/malwarebytes.html
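
The registry check from the post above, generalised as an added example (not part of the original thread and not code from ComboFix): a Python parser for the registry section of a ComboFix log that lists settings which switch off Security Center alerting or the Windows Firewall, or that open inbound ports. The function names are hypothetical; the sample input is an excerpt of the log posted in this thread.

```python
import re

# Excerpt of the registry section of the ComboFix log posted in this thread,
# embedded so the example runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
AntiVirusDisableNotify=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
DisableMonitoring=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
EnableFirewall= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
C:\\Programme\\Skype\\Phone\\Skype.exe=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
5900:TCP= 5900:TCP:vnc5900
5800:TCP= 5800:TCP:vnc5800
"""

# Value names that, when non-zero, silence Security Center alerts or monitoring.
SUPPRESSION_VALUES = {"antivirusdisablenotify", "disablemonitoring"}


def parse_value(raw):
    """Return the integer behind 'dword:00000001' or '0 (0x0)', else None."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+) \(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return None


def iter_entries(log_text):
    """Yield (lower-cased key, value name, raw value) for each 'name=value' line."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # new registry key header
        elif key and "=" in line:
            name, _, raw = line.partition("=")
            yield key, name.strip(), raw.strip()


def find_weakened_settings(log_text):
    """Return (key, value name, reason) tuples for settings worth reviewing."""
    findings = []
    for key, name, raw in iter_entries(log_text):
        value = parse_value(raw)
        lname = name.lower()
        if (r"\security center" in key and lname in SUPPRESSION_VALUES
                and value not in (None, 0)):
            findings.append((key, name, "Security Center alerting or monitoring turned off"))
        elif (key.endswith(r"firewallpolicy\standardprofile")
                and lname == "enablefirewall" and value == 0):
            findings.append((key, name, "Windows Firewall disabled for the standard profile"))
        elif key.endswith(r"globallyopenports\list"):
            findings.append((key, name, "inbound port exception: " + raw))
    return findings


if __name__ == "__main__":
    for key, name, reason in find_weakened_settings(SAMPLE_LOG):
        print(f"{reason}\n    [{key}] {name}")
```

A finding is a prompt for review, not a verdict: the same values can also be set deliberately by the user or by an installed security product.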
     
  10. Hello Sabina,

    Do you have to buy the tool first before you can 1. view and 2. delete the data?
    My landlord only got the notice from it that there are 34 infections, no data or anything else.

    Do you have a tip?
     