tr/obfuscated.bk.2 caught via Netpumper?

#0
17.01.2007, 19:18
...new here

Posts: 1
#1 Hello, as I already reported in another thread, I have apparently also caught the above-mentioned Trojan via Netpumper.

After a system restore everything seemed fine, but since then Antivir keeps reporting the Trojan. Deleting it does nothing.

Can anyone help me?

Logfile of HijackThis v1.99.1
Scan saved at 18:39:59, on 17.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Programme\Notebook Hardware Control\nhc.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Benjamin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Save Flash - res://C:\Programme\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programme\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {F3CDA5C6-98F4-456B-BDDE-9A4666C8696A} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {F3CDA5C6-98F4-456B-BDDE-9A4666C8696A} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} (FormelEditor Control) - file://C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\CRVVYC\frmeditor.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129064496372
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\programme\windows media connect\mswmccds.exe (file missing)
O23 - Service: Windows Media Connect-Hilfsprogramm (WmcCdsLs) - Unknown owner - C:\Programme\Windows Media Connect\mswmcls.exe (file missing)



"Benjamin" - 07-01-17 18:52:10 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Dokumente und Einstellungen\Benjamin\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


2007-01-17 01:30 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-01-17 01:30 <DIR> d-------- C:\Programme\eRightSoft
2007-01-17 01:10 <DIR> d-------- C:\DOKUME~1\Benjamin\dwhelper
2007-01-16 16:31 <DIR> d-------- C:\Programme\Yahoo!
2007-01-16 16:31 <DIR> d-------- C:\Programme\ElcomSoft
2007-01-16 16:31 <DIR> d-------- C:\Programme\directx
2007-01-16 16:31 <DIR> d-------- C:\Programme\Digital
2007-01-16 15:32 <DIR> d-------- C:\Programme\Enigma Software Group
2007-01-16 00:49 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\BIB CREATIVE BLEH INSIDE
2007-01-16 00:48 <DIR> d-------- C:\DOKUME~1\Benjamin\Anwendungsdaten\LocksShowDash
2007-01-11 17:01 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Adobe
2007-01-11 16:39 <DIR> d-------- C:\Programme\WaveMaker
2007-01-11 16:29 <DIR> d-------- C:\Programme\ABC Amber Audio Converter
2007-01-10 16:48 <DIR> d-------- C:\Programme\SourceTec
2007-01-09 16:54 <DIR> d-------- C:\DOKUME~1\Benjamin\Anwendungsdaten\OpenOffice.org2
2007-01-09 16:51 <DIR> d-------- C:\Programme\OpenOffice.org 2.1
2007-01-07 21:12 <DIR> d-------- C:\Programme\UnH Solutions
2007-01-07 20:49 <DIR> d-------- C:\Dokumente und Eintellungen
2007-01-03 22:14 <DIR> d-------- C:\Programme\MyPhoneExplorer
2007-01-03 22:14 <DIR> d-------- C:\DOKUME~1\Benjamin\Anwendungsdaten\MyPhoneExplorer
2006-12-20 18:28 <DIR> d-------- C:\ljeuro


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-17 18:45 -------- d-------- C:\Programme\mozilla thunderbird
2007-01-17 18:45 -------- d-------- C:\Programme\mozilla firefox
2007-01-17 14:58 -------- d-------- C:\Programme\java
2007-01-16 16:31 -------- d-------- C:\Programme\common files
2007-01-11 16:55 -------- d-------- C:\DOKUME~1\Benjamin\Anwendungsdaten\adobeum
2007-01-09 16:03 20436 --a------ C:\DOKUME~1\Benjamin\Anwendungsdaten\wklnhst.dat
2007-01-06 11:05 -------- d-------- C:\Programme\antivir personaledition classic
2006-12-14 23:54 -------- d-------- C:\DOKUME~1\Benjamin\Anwendungsdaten\skype
2006-12-12 20:02 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-12-12 20:02 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-12-12 14:15 845312 --a------ C:\WINDOWS\system32\smab.dll
2006-11-22 00:09 -------- d-------- C:\Programme\miranda im
2006-11-12 13:44 306688 --a------ C:\WINDOWS\system32\avisynth.dll
2006-10-06 13:42 344064 --a------ C:\Programme\uninstall.exe
2006-10-06 13:42 225 --a------ C:\Programme\uninstall.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe"
"HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe"
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"DeviceDiscovery"="C:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
"NotebookHardwareControl"="\"C:\\Programme\\Notebook Hardware Control\\nhc.exe\" -quiet"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
@=""
"Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^phase6_Erinnerung.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\phase6_Erinnerung.lnk"
"backup"="C:\\WINDOWS\\pss\\phase6_Erinnerung.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\phase6\\PHASE6~1\\WinStart\\WinStart.exe "
"item"="phase6_Erinnerung"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CtrlVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CursorXP"
"hkey"="HKCU"
"command"="C:\\Programme\\CursorXP\\CursorXP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchUpgrader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchUpgrader"
"hkey"="HKLM"
"command"="C:\\Programme\\Common files\\SearchUpgrader\\SearchUpgrader.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=dword:00000003
"winvnc"=dword:00000002
"UserAccess7"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"=hex:01,00,00,00
"NoSMMyPictures"=hex:01,00,00,00
"NoLogoff"=hex:01,00,00,00
"NoSMHelp"=hex:01,00,00,00
"NoClose"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NHCACPI_DRIVER


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A804D4E4929748B0.job

Completion time: 07-01-17 18:55:44



Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS\system32

07-01-17 14:58 9,132 jupdate-1.5.0_10-b03.log
07-01-16 16:34 1,158 wpa.dbl
07-01-12 12:21 255,064 FNTCACHE.DAT
06-12-12 14:15 845,312 Smab.dll
06-11-17 12:46 8,891 jupdate-1.5.0_09-b03.log
06-11-12 13:44 306,688 avisynth.dll
06-11-09 15:07 127,078 javaws.exe
06-11-09 15:07 49,265 jpicpl32.cpl
06-11-09 13:28 53,346 javaw.exe
06-11-09 13:28 49,248 java.exe
06-10-29 15:07 396,894 perfh009.dat
06-10-29 15:07 61,454 perfc009.dat
06-10-29 15:07 411,234 perfh007.dat
06-10-29 15:07 74,136 perfc007.dat
06-10-29 15:07 954,130 PerfStringBackup.INI
06-10-16 18:49 16,896 grwinsthlp.exe


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\DOKUME~1\Benjamin\LOKALE~1\Temp

07-01-17 18:55 173 jusched.log
1 Datei(en) 173 Bytes
0 Verzeichnis(se), 42,447,482,880 Bytes frei


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS

07-01-17 18:44 1,125 winamp.ini
07-01-17 14:47 4,236 ModemLog_Agere Systems AC'97 Modem.txt
07-01-17 14:47 50 wiaservc.log
07-01-17 14:47 159 wiadebug.log
07-01-17 14:47 0 0.log
07-01-17 14:47 2,048 bootstat.dat
07-01-17 01:37 32,626 SchedLgU.Txt
07-01-17 01:37 1,095,466 WindowsUpdate.log
07-01-16 16:31 1,739 KB917344.log
07-01-16 16:31 818,854 setupapi.log
07-01-16 16:31 3,234 KB917953.log
07-01-16 16:31 3,236 KB923191.log
07-01-16 16:31 3,143 KB917422.log
07-01-16 16:30 3,347 KB920683.log
07-01-16 16:30 3,039 KB926255.log
07-01-16 16:30 2,945 KB920213.log
07-01-16 16:30 2,918 KB914389.log
07-01-16 16:29 2,819 KB916595.log
07-01-16 16:29 2,652 KB923694.log
07-01-11 16:05 23,802 cdplayer.ini
07-01-04 01:49 9,292 super.chm
06-12-20 18:29 1,376 HPLJEURO.LOG
06-12-05 18:03 197 OPLP.INI
06-11-15 01:08 116 NeroDigital.ini
06-10-28 13:43 1,150,022 DPINST.LOG


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS\temp



Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06-06-22 10:41 5,032 swflash.inf


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\

07-01-17 19:04 0 sys.txt
07-01-17 19:04 857 down.txt
07-01-17 19:04 111 tmp.txt
07-01-17 19:03 7,727 system.txt
07-01-17 19:02 287 systemtemp.txt
07-01-17 19:01 102,786 system32.txt
07-01-17 18:55 11,378 ComboFix2.txt
07-01-17 14:47 792,723,456 pagefile.sys
07-01-07 21:15 2,541 Enlish.lng
07-01-07 21:15 202,085 keyball.swf
07-01-07 21:15 202,085 keyball01.swf
07-01-03 22:56 63,459 hpfr5100.log
06-10-16 18:53 0 UnInstall.dat
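The HijackThis log above is what a helper reads first, and the lines that usually matter are the O4 autostarts, the O16 downloaded ActiveX controls and the O23 services. The following script is an added example (not a tool from this forum, from HijackThis or from Avenger) that parses those three line types and flags the properties a responder checks by hand: autostarts without an absolute path, binaries under Temp or a user profile, an ActiveX control registered from a local file rather than a vendor site, and a service whose binary no longer exists. The sample lines are copied from the log posted above; the flag wording and the heuristics are my own.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread, not a tool from the forum or from HijackThis itself.
It parses the O4 (autostart), O16 (downloaded ActiveX/DPF) and O23 (service) lines
that the log above uses and flags the properties a helper looks at first.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} (FormelEditor Control) - file://C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\CRVVYC\frmeditor.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\programme\windows media connect\mswmccds.exe (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
""".strip()

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\} \((?P<desc>.*?)\) - (?P<url>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*) - (?P<owner>.*?) - (?P<path>.*)$")

# Directories an autostart binary normally does not live in (German and English XP names).
USER_PROFILE_MARKERS = ("\\dokumente und einstellungen\\", "\\documents and settings\\")


@dataclass
class Finding:
    section: str          # HijackThis section, e.g. "O4"
    detail: str           # the path, command or service the finding is about
    reasons: list = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Return the program part of an autostart command, dropping its arguments.
    Quoted paths are taken verbatim; unquoted ones end at the first executable
    extension, so an unquoted 'C:\\Program Files\\x\\y.exe' keeps its spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r".*?\.(exe|com|scr|dll|ocx|pif|bat)\b", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]


def path_flags(path: str) -> list:
    """Location heuristics for a binary path; an empty list means nothing odd."""
    low = path.lower()
    flags = []
    if "\\" not in low:
        flags.append("bare file name, resolved through the search path instead of an absolute path")
    if "\\temp\\" in low:
        flags.append("lives under a Temp directory")
    elif any(marker in low for marker in USER_PROFILE_MARKERS):
        flags.append("lives under a user profile, not a program directory")
    return flags


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return one Finding per line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            path = executable_path(m["cmd"])
            reasons = path_flags(path)
            if reasons:
                findings.append(Finding("O4", f"[{m['name']}] {path}", reasons))
        elif m := O16_RE.match(line):
            url = m["url"]
            if url.lower().startswith("file://"):
                local = url[len("file://"):]
                reasons = ["ActiveX control registered from a local file, not a vendor site"]
                reasons += path_flags(local)
                findings.append(Finding("O16", f"{m['desc']} <- {local}", reasons))
        elif m := O23_RE.match(line):
            if m["path"].lower().endswith("(file missing)"):
                findings.append(Finding("O23", m["name"], ["service binary is missing; stale or removed entry"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.detail}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script reports the bare AGRSMMSG.exe autostart, the FormelEditor control loaded from a Temp folder, and the Windows Media Connect service with a missing binary; the AntiVir, Java and WGA entries pass. A flag is a prompt to look closer, not a verdict: the AGRSMMSG entry is a normal modem driver agent, and a helper still confirms each flagged path against the vendor before touching anything.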
17.01.2007, 19:30
Honorary member
Sabina

Posts: 29434
#2 proebi

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchUpgrader

Files to delete:
C:\WINDOWS\tasks\A804D4E4929748B0.job

Folders to delete:
C:\Programme\Common files\SearchUpgrader
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BIB CREATIVE BLEH INSIDE
C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten\LocksShowDash

Click the green traffic light
the script will now run, then the PC will restart automatically

««
scan with Counterspy
delete everything found with "remove"
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

all about PC security