TR\Dldr.WMA.Wimad.K.3 befall!

#1 Hallo,habe den o.g. trojaner,den ich mit antivir gefunden habe und in quarantäne gesetzt.habe combofix und hjt aber datfind startet kurz und schließt sofort wieder?

ComboFix 08-01-04.1 - P&H 2008-01-07 15:04:07.2 - NTFSx86
ausgeführt von:: C:\Users\P&H\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_install.exe nicht gefunden

.
((((((((((((((((((((((( Dateien erstellt von 2007-12-07 bis 2008-01-07 ))))))))))))))))))))))))))))))
.

2008-01-07 14:53 . 2008-01-07 14:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 17:48 . 2008-01-06 17:48 <DIR> d-------- C:\Users\P&H\AppData\Roaming\WildTangent
2008-01-06 13:58 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-06 13:40 . 2008-01-06 13:40 2,048 --a------ C:\Windows\System32\tzres.dll
2008-01-06 12:13 . 2008-01-06 12:13 <DIR> d-------- C:\Program Files\ICQToolbar
2008-01-06 12:12 . 2008-01-06 12:37 <DIR> d-------- C:\Users\P&H\AppData\Roaming\ICQ
2008-01-06 12:12 . 2008-01-06 12:37 <DIR> d-------- C:\Program Files\ICQ6
2008-01-06 12:11 . 2008-01-06 12:11 <DIR> d-------- C:\Users\P&H\AppData\Roaming\InstallShield
2008-01-06 02:32 . 2008-01-06 02:32 <DIR> d-------- C:\Users\P&H\AppData\Roaming\vlc
2008-01-06 01:54 . 2008-01-06 01:54 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-06 01:29 . 2008-01-06 01:29 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Thunderbird
2008-01-06 01:29 . 2008-01-06 01:29 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-01-05 20:11 . 2008-01-06 00:11 <DIR> d-------- C:\Program Files\PokerStars
2008-01-05 18:23 . 2003-07-20 19:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-01-05 18:23 . 2005-01-04 10:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-01-05 18:16 . 2008-01-05 18:24 <DIR> d-------- C:\Users\All Users\NexonUS
2008-01-05 18:16 . 2008-01-05 18:24 <DIR> d-------- C:\ProgramData\NexonUS
2008-01-05 18:02 . 2008-01-07 07:14 27,145 --a------ C:\Users\P&H\AppData\Roaming\nvModes.dat
2008-01-05 16:04 . 2008-01-07 08:05 <DIR> d-------- C:\Users\P&H\AppData\Roaming\skypePM
2008-01-05 16:04 . 2008-01-05 16:04 32 --a------ C:\Users\All Users\ezsid.dat
2008-01-05 16:04 . 2008-01-05 16:04 32 --a------ C:\ProgramData\ezsid.dat
2008-01-05 15:59 . 2008-01-07 14:52 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Skype
2008-01-05 15:58 . 2008-01-05 15:59 <DIR> d-------- C:\Users\All Users\Skype
2008-01-05 15:58 . 2008-01-05 15:59 <DIR> d-------- C:\ProgramData\Skype
2008-01-05 15:58 . 2008-01-05 15:59 <DIR> d-------- C:\Program Files\Skype
2008-01-05 15:58 . 2008-01-05 15:58 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-05 15:20 . 2008-01-05 15:20 <DIR> d-------- C:\Users\P&H\AppData\Roaming\HP
2008-01-05 15:20 . 2008-01-05 15:20 <DIR> d-------- C:\Users\P&H\AppData\Roaming\CyberLink
2008-01-05 15:20 . 2008-01-05 15:20 <DIR> d-------- C:\Users\All Users\HP
2008-01-05 15:20 . 2008-01-05 15:20 <DIR> d-------- C:\ProgramData\HP
2008-01-05 14:59 . 2008-01-05 14:59 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Talkback
2008-01-05 14:58 . 2008-01-05 14:58 0 --a------ C:\Windows\nsreg.dat
2008-01-05 14:51 . 2008-01-05 14:51 <DIR> d-------- C:\Users\All Users\Avira
2008-01-05 14:51 . 2008-01-05 14:51 <DIR> d-------- C:\ProgramData\Avira
2008-01-05 14:51 . 2008-01-05 14:51 <DIR> d-------- C:\Program Files\Avira
2008-01-05 14:20 . 2008-01-05 14:20 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-01-05 14:20 . 2008-01-05 14:20 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-01-05 14:20 . 2008-01-05 14:20 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-05 14:20 . 2008-01-05 14:20 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-01-05 14:20 . 2008-01-05 14:20 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-05 14:20 . 2008-01-05 14:20 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-05 14:18 . 2008-01-05 14:18 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-05 14:18 . 2008-01-05 14:18 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-01-05 14:17 . 2008-01-05 14:17 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-01-05 14:17 . 2008-01-05 14:17 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-01-05 14:14 . 2008-01-05 14:14 <DIR> d-------- C:\Users\All Users\Google
2008-01-05 14:14 . 2008-01-05 14:14 <DIR> d-------- C:\Program Files\Google
2008-01-05 14:04 . 2008-01-05 14:04 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-01-05 14:04 . 2008-01-05 14:04 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-01-05 14:04 . 2008-01-05 14:04 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-01-05 14:04 . 2008-01-05 14:04 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-01-05 14:04 . 2008-01-05 14:04 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-01-05 14:04 . 2008-01-05 14:04 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-01-05 14:04 . 2008-01-05 14:04 43,352 --a------ C:\Windows\System32\wups2.dll
2008-01-05 14:04 . 2008-01-05 14:04 33,624 --a------ C:\Windows\System32\wups.dll
2008-01-05 14:04 . 2008-01-05 14:04 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-01-05 14:01 . 2008-01-05 14:01 <DIR> d-------- C:\Users\P&H\Bluetooth Software
2008-01-05 14:00 . 2008-01-05 14:00 <DIR> dr------- C:\Users\P&H\Searches
2008-01-05 14:00 . 2008-01-05 14:00 <DIR> dr------- C:\Users\P&H\Contacts
2008-01-05 14:00 . 2008-01-05 14:00 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Symantec
2008-01-05 14:00 . 2008-01-05 14:00 <DIR> d-------- C:\Users\P&H\AppData\Roaming\DigitalPersona
2008-01-05 13:59 . 2008-01-05 13:59 81 --a------ C:\Windows\System32\LOG
2008-01-05 13:59 . 2008-01-05 13:59 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-01-05 13:55 . 2008-01-05 14:01 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Hewlett-Packard
2008-01-05 13:53 . 2008-01-05 13:53 <DIR> d-------- C:\Users\All Users\Electronic Arts
2008-01-05 13:53 . 2008-01-05 13:53 <DIR> d-------- C:\ProgramData\Electronic Arts
2008-01-05 13:48 . 2008-01-05 13:53 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-05 13:47 . 2008-01-05 13:47 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Macrovision
2008-01-05 13:46 . 2008-01-05 14:00 <DIR> dr------- C:\Users\P&H\Videos
2008-01-05 13:46 . 2008-01-06 01:19 <DIR> dr------- C:\Users\P&H\Saved Games
2008-01-05 13:46 . 2008-01-05 14:00 <DIR> dr------- C:\Users\P&H\Pictures
2008-01-05 13:46 . 2008-01-05 16:09 <DIR> dr------- C:\Users\P&H\Music
2008-01-05 13:46 . 2008-01-05 14:00 <DIR> dr------- C:\Users\P&H\Links
2008-01-05 13:46 . 2008-01-05 14:00 <DIR> dr------- C:\Users\P&H\Downloads
2008-01-05 13:46 . 2008-01-06 20:17 <DIR> dr------- C:\Users\P&H\Documents
2008-01-05 13:46 . 2006-11-02 13:37 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Media Center Programs
2008-01-05 13:46 . 2008-01-05 13:46 <DIR> d--h----- C:\Users\P&H\AppData
2008-01-05 13:46 . 2008-01-05 13:46 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF75024LT_E459053-043_4A_I30CB_SQuanta_V79.26_F.33_T071112_WV3-0_L
407_M2046_J250_7Intel_86FB_92.20_#071127
_N10EC8168;80864229_(KL014EA#ABD)_XMOBILE_CN10_Z.MRK
2008-01-05 13:38 . 2008-01-05 13:38 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts
2007-12-14 02:43 . 2008-01-05 14:00 <DIR> d-------- C:\Users\All Users\NVIDIA
2007-12-14 02:43 . 2008-01-05 14:00 <DIR> d-------- C:\ProgramData\NVIDIA
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Windows\System32\tr
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Windows\System32\ru
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Windows\System32\ko
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Windows\System32\ja
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Windows\System32\it
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Windows\System32\fr
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Windows\System32\es
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Windows\DPDrv
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Users\All Users\Macrovision
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\ProgramData\Macrovision
2007-12-14 02:40 . 2007-12-14 02:40 <DIR> d-------- C:\Program Files\DigitalPersona
2007-12-14 02:38 . 2008-01-06 17:48 <DIR> d-------- C:\Users\All Users\WildTangent
2007-12-14 02:38 . 2008-01-06 17:48 <DIR> d-------- C:\ProgramData\WildTangent
2007-12-14 02:38 . 2007-12-14 02:40 <DIR> d-------- C:\Program Files\HP Games
2007-12-14 02:34 . 2007-12-14 02:34 <DIR> d-------- C:\Program Files\HPQ
2007-12-14 02:34 . 2007-06-08 14:46 1,560,576 --a------ C:\Windows\System32\BttnCmns_64.dll
2007-12-14 02:34 . 2006-06-30 06:46 1,560,576 --a------ C:\Windows\System32\BttnCmns.dll
2007-12-14 02:34 . 2006-11-02 07:09 1,419,232 --a------ C:\Windows\System32\drivers\wdfcoinstaller01005.dll
2007-12-14 02:34 . 2005-10-31 15:30 987,136 --a------ C:\Windows\System32\BttnCmn.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 11:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 13:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-05 13:35 --------- d-----w C:\ProgramData\Symantec
2008-01-05 13:24 --------- d-----w C:\Program Files\Windows Mail
2008-01-05 13:21 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-05 13:21 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-05 13:21 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-05 13:21 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-05 13:21 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-05 13:21 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-05 13:21 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-05 13:21 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-05 13:21 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-05 13:21 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-01-05 13:21 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-05 13:21 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-01-05 13:21 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-05 13:21 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-05 13:21 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-01-05 13:21 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-05 13:21 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-05 13:21 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-01-05 13:21 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-01-05 13:21 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-05 13:19 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-05 13:19 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-05 13:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-05 13:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-05 13:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-05 13:19 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-05 13:19 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-05 13:13 --------- d-----w C:\Program Files\Java
2008-01-05 13:01 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Vorlagen
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Startmenü
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Favoriten
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Dokumente
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-01-05 12:38 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
2007-12-14 01:41 --------- d-----w C:\Program Files\Online-Dienste
2007-12-14 01:37 --------- d-----w C:\Program Files\CyberLink
2007-12-14 01:34 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-14 01:32 --------- d-----w C:\Program Files\Hp
2007-12-14 01:24 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-14 01:24 315,392 ----a-w C:\Windows\HideWin.exe
2007-11-27 06:08 --------- d-----w C:\Program Files\Windows Sidebar
2007-11-27 06:08 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-11-27 06:08 --------- d-----w C:\Program Files\Windows Journal
2007-11-27 06:08 --------- d-----w C:\Program Files\Windows Collaboration
2007-11-27 06:07 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-11-27 06:07 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-11-27 06:07 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-11-27 06:07 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-11-27 06:07 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-11-27 06:07 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-11-27 06:07 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-11-27 06:07 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-11-27 06:07 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-11-26 23:38 --------- d-----w C:\Program Files\Common Files\Java
2007-11-26 23:28 39,936 ----a-w C:\Windows\System32\dwmapi.dll
2007-11-26 23:28 2,016,256 ----a-w C:\Windows\System32\milcore.dll
2007-11-26 23:28 1,585,152 ----a-w C:\Windows\System32\setupapi.dll
2007-11-26 23:27 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-26 23:27 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-26 23:27 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-26 23:27 38,912 ----a-w C:\Windows\system32\drivers\hidclass.sys
2007-11-26 23:27 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-26 23:27 25,472 ----a-w C:\Windows\system32\drivers\hidparse.sys
2007-11-26 23:27 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-11-26 23:27 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-26 23:27 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-26 23:27 132,864 ----a-w C:\Windows\system32\drivers\usbvideo.sys
2007-11-26 23:27 12,288 ----a-w C:\Windows\system32\drivers\hidusb.sys
2007-11-26 23:26 50,792 ----a-w C:\Windows\system32\drivers\termdd.sys
2007-11-26 23:26 50,280 ----a-w C:\Windows\system32\drivers\volmgr.sys
2007-11-26 23:26 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2007-11-26 23:26 28,776 ----a-w C:\Windows\system32\drivers\mssmbios.sys
2007-11-26 23:26 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2007-11-26 23:26 22,632 ----a-w C:\Windows\System32\streamci.dll
2007-11-26 23:26 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2007-11-26 23:26 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2007-11-26 23:26 140,392 ----a-w C:\Windows\system32\drivers\pci.sys
2007-11-26 23:26 13,928 ----a-w C:\Windows\system32\drivers\msisadrv.sys
2007-11-26 23:26 12,776 ----a-w C:\Windows\system32\drivers\swenum.sys
2007-11-26 23:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-26 23:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-26 23:21 --------- d-----w C:\Program Files\Alice
2007-11-26 23:11 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-26 23:10 --------- d-----w C:\ProgramData\Microsoft Help
2007-11-26 23:09 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2007-11-26 23:09 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-11-26 23:08 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-26 23:08 --------- d-----w C:\Program Files\Microsoft Works
2007-11-26 22:51 97,792 ----a-w C:\Windows\System32\sdshext.dll
2007-11-26 22:51 727,040 ----a-w C:\Windows\System32\sdengin2.dll
2007-11-26 22:51 102,912 ----a-w C:\Windows\System32\sdrsvc.dll
2007-11-26 22:51 1,192,960 ----a-w C:\Windows\System32\sdclt.exe
2007-11-26 22:38 174 --sha-w C:\Program Files\desktop.ini
2007-11-26 22:34 --------- d-----w C:\Program Files\Windows Defender
2007-11-26 22:34 --------- d-----w C:\Program Files\Windows Calendar
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_14.07.03.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-06 13:03:15 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-07 14:01:16 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-06 12:58:26 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-01-06 18:23:56 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-01-06 12:58:26 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-01-06 18:23:56 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-01-05 13:38:37 164,696 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-01-06 19:38:20 164,696 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-01-06 12:10:23 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-07 14:02:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-06 13:03:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-07 14:03:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-07 14:03:24 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-06 12:39:15 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-07 14:02:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-06 13:03:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-07 14:03:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-07 14:03:29 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-05 17:02:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-07 13:52:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-05 17:02:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-07 13:52:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-05 17:02:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-07 13:52:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-06 12:59:26 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-07 14:04:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-07 14:04:00 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-01-06 11:02:10 116,706 ----a-w C:\Windows\System32\perfc007.dat
+ 2008-01-07 13:41:33 116,706 ----a-w C:\Windows\System32\perfc007.dat
- 2008-01-06 11:02:10 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-07 13:41:33 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-06 11:02:10 641,344 ----a-w C:\Windows\System32\perfh007.dat
+ 2008-01-07 13:41:33 641,344 ----a-w C:\Windows\System32\perfh007.dat
- 2008-01-06 11:02:10 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-07 13:41:33 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-01-06 10:57:26 3,380 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2227462880-3420938934-2899272877-1000_UserData.bin
+ 2008-01-07 14:03:53 3,908 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2227462880-3420938934-2899272877-1000_UserData.bin
- 2008-01-06 10:57:25 51,578 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-07 14:03:53 53,896 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-06 10:57:24 26,684 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-07 14:03:50 30,248 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe" [2008-01-05 14:14 162744]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 21:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 21:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 21:05 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 14:34 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 14:27 4702208 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 07:02 174616]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 14:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 13:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 23:13 218408]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 11:12 671744]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-26 22:57 1006264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 08:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 15:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-05 14:53 249896]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\000.fcl [2007-09-30 19:34]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 19:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 19:34]
R3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 14:12]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 14:12]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 14:12]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-28 16:09]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 00:17]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 00:33]
S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-07-30 23:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ

.
Inhalt des "geplante Tasks" Ordners
"2008-01-07 14:06:22 C:\Windows\Tasks\User_Feed_Synchronization-{60C00466-13F2-4B7B-9A58-3CA3FDE66926}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 15:07:10
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-07 15:07:49
ComboFix-quarantined-files.txt 2008-01-07 14:07:46
ComboFix2.txt 2008-01-06 13:07:26
.
2008-01-06 12:40:50 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:42, on 07.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HJT\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9684 bytes
__________
Intel Core 2Duo 2,2GHz,2GB Ram
Nvidia GForce 8600M GS

#2 Hallo Piodre

««
überprüfe diese exe und poste den Report hier:
http://www.virustotal.com/

C:\Windows\system32\conime.exe

C:\Windows\system32\msconfig.exe

««
du kannst es noch mit Onlinescans versuchen, z.b. Bitdefender, panda, Ewido usw...
http://board.protecus.de/t8642.htm

---------------------------------------------------
warum hast du msconfig im Autostart ?
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#3 korrekt,das hört sich gut an!also mit dem autostart hängt wahrscheilnlich mit vista zusammen,oder?ist ne ori version.
wollte mal fragen wie ich meinen rechner am besten schützen sollte?antivir oder kaspersky?se-adware?was empfiehlst du mir?
warum startet datfind nicht?

Datei conime.exe empfangen 2008.01.07 18:17:29 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 2.
Geschätzte Startzeit is zwischen 41 und 59 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.1.8.10 2008.01.07 -
AntiVir 7.6.0.46 2008.01.07 -
Authentium 4.93.8 2008.01.06 -
Avast 4.7.1098.0 2008.01.06 -
AVG 7.5.0.516 2008.01.07 -
BitDefender 7.2 2008.01.07 -
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.07 -
DrWeb 4.44.0.09170 2008.01.07 -
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5438 2008.01.07 -
Ewido 4.0 2008.01.07 -
FileAdvisor 1 2008.01.07 -
Fortinet 3.14.0.0 2008.01.07 -
F-Prot 4.4.2.54 2008.01.06 -
F-Secure 6.70.13030.0 2008.01.07 -
Ikarus T3.1.1.15 2008.01.07 -
Kaspersky 7.0.0.125 2008.01.07 -
McAfee 5201 2008.01.07 -
Microsoft 1.3109 2008.01.07 -
NOD32v2 2770 2008.01.07 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.07 -
Prevx1 V2 2008.01.07 -
Rising 20.26.02.00 2008.01.07 -
Sophos 4.24.0 2008.01.07 -
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.07 -
TheHacker 6.2.9.183 2008.01.07 -
VBA32 3.12.2.5 2008.01.07 -
VirusBuster 4.3.26:9 2008.01.07 -
Webwasher-Gateway 6.6.2 2008.01.07 -
weitere Informationen
File size: 68608 bytes
MD5: 05cb3da78a4bbd9b799a5957f9d101cc
SHA1: a012c3a14e8117d3b68c215101a84de10b33e0f5
PEiD: -

Datei msconfig.exe empfangen 2008.01.07 18:26:22 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 5.
Geschätzte Startzeit is zwischen 50 und 72 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.1.8.10 2008.01.07 -
AntiVir 7.6.0.46 2008.01.07 -
Authentium 4.93.8 2008.01.06 -
Avast 4.7.1098.0 2008.01.07 -
AVG 7.5.0.516 2008.01.07 -
BitDefender 7.2 2008.01.07 -
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.07 -
DrWeb 4.44.0.09170 2008.01.07 -
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5438 2008.01.07 -
Ewido 4.0 2008.01.07 -
FileAdvisor 1 2008.01.07 -
Fortinet 3.14.0.0 2008.01.07 -
F-Prot 4.4.2.54 2008.01.06 -
F-Secure 6.70.13030.0 2008.01.07 -
Ikarus T3.1.1.15 2008.01.07 -
Kaspersky 7.0.0.125 2008.01.07 -
McAfee 5201 2008.01.07 -
Microsoft 1.3109 2008.01.07 -
NOD32v2 2770 2008.01.07 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.07 -
Prevx1 V2 2008.01.07 -
Rising 20.26.02.00 2008.01.07 -
Sophos 4.24.0 2008.01.07 -
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.07 -
TheHacker 6.2.9.183 2008.01.07 -
VBA32 3.12.2.5 2008.01.07 -
VirusBuster 4.3.26:9 2008.01.07 -
Webwasher-Gateway 6.6.2 2008.01.07 -
weitere Informationen
File size: 222208 bytes
MD5: 1bb128a09911a936e8efc30c3f6c597c
SHA1: ab3db30c395cee3661513ac1da412044e907e037
PEiD: -
__________
Intel Core 2Duo 2,2GHz,2GB Ram
Nvidia GForce 8600M GS

#4 ich persönlich mag den Avira, verbraucht nicht so viel Ressourcen, hat einen Wächter, die Prof-Version (nicht kostenlos) ist sehr gut
http://www.virus-protect.org/antivirus.html
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/