Spyware pop-up fenster im IE und Mozilla

#1 Hallo,

an meinen lapi popt seit gestern was auf. da mine freundin den laptop hatte weis ich nicht was loswar. ich habe ein screen mal gemacht und sende ihn mit. wer weiß was des ist. Lg

#2 Dan scanne mal mit ein Anti spyware scanner

Malwarebytes Anti-Malware fuer Windows 2000,XP und Vista
Download MBAM
Doppelklick mbam-setup und waehle Deutsch ,das Program wird jetzt ge-updatet
Waehle bei Reiter “Scanner”> "Komplett Scan durchfuehren" .
Waehle alle Laufwerke>Scan laufen lassen
Wenn am Ende infizierungen gefunden werden,anhaacken und entfernen lassen
Unter Scanberichte stet das log (mbam-log-XX-XX-XXXX.txt)
Poste dessen inhalt hier ins Forum
Note:
Wenn MBAM Schwierigkeiten damit hat Daten zu entfernen wird es gemeldet und klicke OK
Danach wird gefragt den Rechner neu zu starten,lass es zu
__________
MfG Argus

#3 Malwarebytes' Anti-Malware 1.12
Datenbank Version: 760

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 156138
Scan Dauer: 1 hour(s), 5 minute(s), 17 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)



Bisher kam es noch des pop up

#4 Hallo duaffentier

Dann arbeite einmal die Punkte 1-3 ab und poste die logs:
http://board.protecus.de/t23188.htm

Gruss Swiss

#5 Ok.

1.CCleaner Ok

----------------------------------------

2. ComboFix

ComboFix 08-05-20.5 - Nani 2008-05-21 22:03:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.447 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Nani\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Dokumente und Einstellungen\Nani\Lokale Einstellungen\Anwendungsdaten\grlqmrwutj.dat
C:\Dokumente und Einstellungen\Nani\Lokale Einstellungen\Anwendungsdaten\grlqmrwutj.exe
c:\Dokumente und Einstellungen\Nani\Lokale Einstellungen\Anwendungsdaten\grlqmrwutj_nav.dat
c:\Dokumente und Einstellungen\Nani\Lokale Einstellungen\Anwendungsdaten\grlqmrwutj_navps.dat

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-21 bis 2008-05-21 ))))))))))))))))))))))))))))))
.

2008-05-21 21:57 . 2008-05-21 21:57 <DIR> d-------- C:\HijackThis
2008-05-21 21:53 . 2008-05-21 21:53 <DIR> d-------- C:\Programme\CCleaner
2008-05-19 16:31 . 2008-05-19 16:31 268 --ah----- C:\sqmdata19.sqm
2008-05-19 16:31 . 2008-05-19 16:31 244 --ah----- C:\sqmnoopt19.sqm
2008-05-18 12:45 . 2008-05-18 12:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
2008-05-18 12:45 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-05-18 12:45 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-05-18 12:45 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-05-18 12:42 . 2008-05-18 12:43 <DIR> d-------- C:\Programme\epson
2008-05-18 12:42 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-05-18 12:42 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-05-18 12:42 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-05-18 12:39 . 2008-05-18 12:39 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-18 12:39 . 2008-05-18 12:39 <DIR> d-------- C:\Dokumente und Einstellungen\Nani\Anwendungsdaten\Malwarebytes
2008-05-18 12:39 . 2008-05-18 12:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-18 12:39 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-18 12:39 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-18 12:32 . 2008-05-18 12:32 268 --ah----- C:\sqmdata18.sqm
2008-05-18 12:32 . 2008-05-18 12:32 244 --ah----- C:\sqmnoopt18.sqm
2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-05-17 23:05 . 2008-05-17 23:23 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-05-17 22:47 . 2008-05-17 22:47 268 --ah----- C:\sqmdata17.sqm
2008-05-17 22:47 . 2008-05-17 22:47 244 --ah----- C:\sqmnoopt17.sqm
2008-05-17 22:45 . 2004-08-04 15:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-17 21:34 . 2008-05-17 21:34 <DIR> d-------- C:\WINDOWS\system32\de
2008-05-17 21:34 . 2008-05-17 21:34 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-17 21:34 . 2008-05-17 21:34 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-17 21:30 . 2008-05-17 21:34 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-17 21:22 . 2008-05-17 21:22 <DIR> d-------- C:\WINDOWS\EHome
2008-05-17 21:12 . 2004-08-04 00:38 701,952 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-17 20:14 . 2008-05-17 20:14 268 --ah----- C:\sqmdata16.sqm
2008-05-17 20:14 . 2008-05-17 20:14 244 --ah----- C:\sqmnoopt16.sqm
2008-05-17 17:12 . 2008-05-17 17:12 268 --ah----- C:\sqmdata15.sqm
2008-05-17 17:12 . 2008-05-17 17:12 244 --ah----- C:\sqmnoopt15.sqm
2008-05-17 09:10 . 2008-05-17 09:10 268 --ah----- C:\sqmdata14.sqm
2008-05-17 09:10 . 2008-05-17 09:10 244 --ah----- C:\sqmnoopt14.sqm
2008-05-16 20:25 . 2008-05-16 20:25 268 --ah----- C:\sqmdata13.sqm
2008-05-16 20:25 . 2008-05-16 20:25 244 --ah----- C:\sqmnoopt13.sqm
2008-05-16 18:15 . 2008-05-16 18:15 268 --ah----- C:\sqmdata12.sqm
2008-05-16 18:15 . 2008-05-16 18:15 244 --ah----- C:\sqmnoopt12.sqm
2008-05-15 21:35 . 2008-05-15 21:35 268 --ah----- C:\sqmdata11.sqm
2008-05-15 21:35 . 2008-05-15 21:35 244 --ah----- C:\sqmnoopt11.sqm
2008-05-15 21:29 . 2008-05-15 21:29 268 --ah----- C:\sqmdata10.sqm
2008-05-15 21:29 . 2008-05-15 21:29 244 --ah----- C:\sqmnoopt10.sqm
2008-05-09 22:26 . 2008-05-09 22:26 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2008-05-09 21:31 . 2008-05-18 22:03 <DIR> d-------- C:\Dokumente und Einstellungen\Nani\Anwendungsdaten\U3
2008-05-04 10:50 . 2008-05-04 10:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-05-04 10:50 . 2008-05-04 10:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 10:50 . 2008-05-04 10:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-01 11:01 . 2008-05-01 11:01 268 --ah----- C:\sqmdata09.sqm
2008-05-01 11:01 . 2008-05-01 11:01 244 --ah----- C:\sqmnoopt09.sqm
2008-04-28 21:07 . 2008-04-28 21:07 268 --ah----- C:\sqmdata08.sqm
2008-04-28 21:07 . 2008-04-28 21:07 244 --ah----- C:\sqmnoopt08.sqm
2008-04-28 20:25 . 2008-04-28 20:25 268 --ah----- C:\sqmdata07.sqm
2008-04-28 20:25 . 2008-04-28 20:25 244 --ah----- C:\sqmnoopt07.sqm
2008-04-28 19:22 . 2008-04-28 19:22 268 --ah----- C:\sqmdata06.sqm
2008-04-28 19:22 . 2008-04-28 19:22 244 --ah----- C:\sqmnoopt06.sqm
2008-04-27 19:05 . 2008-04-27 19:05 <DIR> d-------- C:\Programme\Streamripper
2008-04-27 19:05 . 2008-04-27 19:05 <DIR> d-------- C:\Dokumente und Einstellungen\Nani\Anwendungsdaten\streamripper
2008-04-27 18:57 . 2008-04-27 18:58 <DIR> d-------- C:\Programme\Winamp
2008-04-27 18:57 . 2008-04-27 19:00 <DIR> d-------- C:\Dokumente und Einstellungen\Nani\Anwendungsdaten\Winamp
2008-04-27 17:58 . 2008-04-27 17:58 268 --ah----- C:\sqmdata05.sqm
2008-04-27 17:58 . 2008-04-27 17:58 244 --ah----- C:\sqmnoopt05.sqm
2008-04-27 14:07 . 2008-04-27 14:07 268 --ah----- C:\sqmdata04.sqm
2008-04-27 14:07 . 2008-04-27 14:07 244 --ah----- C:\sqmnoopt04.sqm
2008-04-26 16:53 . 2008-04-26 16:53 <DIR> d-------- C:\Dokumente und Einstellungen\Nani\Anwendungsdaten\Ulead Systems
2008-04-26 16:52 . 2008-04-26 16:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ulead Systems
2008-04-26 16:52 . 2008-04-26 16:52 <DIR> d-------- C:\Programme\Corel
2008-04-26 16:52 . 2008-04-26 16:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Corel
2008-04-26 16:49 . 2008-04-26 16:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
2008-04-25 12:29 . 2008-04-25 12:29 111 --a------ C:\WINDOWS\telephon.ini
2008-04-24 09:04 . 2008-04-24 09:04 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-22 05:49 . 2008-04-22 05:49 <DIR> d-------- C:\Dokumente und Einstellungen\Nani\Anwendungsdaten\Skype

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 19:47 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-05-04 08:50 --------- d-----w C:\Programme\QuickTime
2008-05-02 17:08 --------- d-----w C:\Dokumente und Einstellungen\Nani\Anwendungsdaten\ICQ
2008-04-26 15:11 32,960 ----a-w C:\Dokumente und Einstellungen\Nani\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-04-20 18:16 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
2008-04-20 17:28 --------- d-----w C:\Programme\Messenger Plus! Live
2008-04-19 21:25 --------- d-----w C:\Programme\Notebook Hardware Control
2008-04-17 17:26 --------- d-----w C:\Programme\Gemeinsame Dateien\mapserv
2008-04-17 17:26 --------- d-----w C:\Programme\Gemeinsame Dateien\GIS
2008-04-17 17:20 --------- d-----w C:\Programme\EuroRoute 2008
2008-04-17 17:15 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-15 18:22 --------- d-----w C:\Dokumente und Einstellungen\Nani\Anwendungsdaten\SUPERAntiSpyware.com
2008-04-15 05:25 --------- d-----w C:\Programme\WinHTTrack
2008-04-14 05:53 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 05:52 989,696 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 05:52 425,472 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 02:36 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:25 333,312 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:22 99,840 ----a-w C:\WINDOWS\system32\scardsvr.exe
2008-04-14 02:21 762,368 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:21 731,648 ----a-w C:\WINDOWS\system32\ntdll.dll
2008-04-14 02:21 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:21 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:02 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 02:02 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 02:02 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 02:02 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 02:02 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 02:00 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 01:59 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 01:59 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 01:58 800,384 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 01:58 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 01:58 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 01:58 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 01:57 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 01:57 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 01:57 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 01:56 81,408 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 01:56 51,712 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 01:56 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 01:55 572,928 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:55 52,992 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 01:54 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 01:54 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:54 10,752 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:53 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:52 68,096 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 01:52 57,728 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 01:52 53,760 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 01:52 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 01:52 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 01:52 16,384 ----a-w C:\WINDOWS\system32\drivers\battc.sys
2008-04-14 01:51 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 01:50 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 01:50 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 01:50 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 01:49 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 01:49 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 01:49 188,800 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:22 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"H/PC Connection Agent"="D:\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:50 1289000]
"msnmsgr"="C:\Programme\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 22:40 106496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 19:51 8523776]
"nwiz"="nwiz.exe" [2007-11-11 19:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"Power_Gear"="C:\Programme\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 18:13 86016]
"Wireless Console 2"="C:\Programme\Wireless Console 2\wcourier.exe" [2005-10-17 18:09 987136]
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
"avgnt"="D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 23:34 262401]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 19:51 81920]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NotebookHardwareControl"="C:\Programme\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [ ]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-05-04 10:50 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:22 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ASUS ChkMail.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABLKSR]
--a------ 2006-01-02 20:14 61440 C:\WINDOWS\ABLKSR\ABLKSR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 04:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2006-02-21 16:20 180224 C:\Programme\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:22 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-04-01 12:40 172280 d:\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 04:22 1695232 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programme\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-06 06:39 14850560 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-05-26 17:12 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-10-21 00:26 761945 C:\Programme\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown]
c:\sysprep\patch\sysprep.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"D:\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Battlefield 2142\\BF2142.exe"=
"D:\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"D:\Microsoft ActiveSync\rapimgr.exe"= D:\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Microsoft ActiveSync\wcescomm.exe"= D:\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Microsoft ActiveSync\WCESMgr.exe"= D:\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"D:\\Project Torque\\ProjectTorque.bin"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Notebook Hardware Control Service;Notebook Hardware Control Service;C:\Programme\Notebook Hardware Control\nhcservice.exe [2008-04-19 23:25]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 11:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 11:26]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNMp50.sys []
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNSp50.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7692e03e-1dfe-11dd-ae14-001302493bee}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 22:04:49
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-05-21 22:05:41
ComboFix-quarantined-files.txt 2008-05-21 20:05:38

8 Verzeichnis(se), 2,826,590,208 Bytes frei
11 Verzeichnis(se), 2,949,853,696 Bytes frei

315 --- E O F --- 2008-05-17 07:11:50

---------------------------------------------------------------

3. HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:21, on 21.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
D:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Notebook Hardware Control\nhcservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\Wireless Console 2\wcourier.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
D:\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
D:\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
D:\MICROS~2\rapimgr.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~2\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206057968265
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206307835
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Notebook Hardware Control Service - http://www.pbus-167.com - C:\Programme\Notebook Hardware Control\nhcservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9705 bytes


-----------------------------------------------------------------------

4. datfind

.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E0CD-8AC4

Verzeichnis von C:\WINDOWS\system32

21.05.2008 21:46 42.486 OODBS.lor
17.05.2008 22:46 406.662 perfh009.dat
17.05.2008 22:46 63.862 perfc009.dat
17.05.2008 22:46 422.192 perfh007.dat
17.05.2008 22:46 77.302 perfc007.dat
17.05.2008 22:46 980.724 PerfStringBackup.INI
17.05.2008 22:45 1.158 wpa.dbl
17.05.2008 22:45 90 spupdwxp.log
17.05.2008 22:44 169.896 FNTCACHE.DAT
09.05.2008 23:35 16.863.864 MRT.exe
14.04.2008 07:53 11.264 spnpinst.exe
14.04.2008 07:52 989.696 setupapi.dll
14.04.2008 07:52 425.472 licdll.dll
14.04.2008 04:36 1.804 dcache.bin
14.04.2008 04:25 333.312 netsetup.exe
14.04.2008 04:23 87.176 rdpwsx.dll
14.04.2008 04:23 92.424 rdpdd.dll
14.04.2008 04:23 12.168 tsddd.dll
14.04.2008 04:23 299.520 drmclien.dll
14.04.2008 04:23 57.344 ndptsp.tsp
14.04.2008 04:23 17.408 ipconf.tsp
14.04.2008 04:23 76.800 remotesp.tsp
14.04.2008 04:23 207.360 unimdm.tsp
14.04.2008 04:23 610.304 sspipes.scr
14.04.2008 04:23 192.512 msh261.drv
14.04.2008 04:23 266.240 h323.tsp
14.04.2008 04:23 18.944 ssmyst.scr
14.04.2008 04:23 146.944 winspool.drv
14.04.2008 04:23 33.280 kmddsp.tsp
14.04.2008 04:23 47.104 ssmypics.scr
14.04.2008 04:23 20.992 ssmarque.scr
14.04.2008 04:23 299.008 msh263.drv
14.04.2008 04:23 29.696 hidphone.tsp
14.04.2008 04:23 393.216 ssflwbox.scr
14.04.2008 04:23 23.552 wdmaud.drv
14.04.2008 04:23 14.848 ssstars.scr
14.04.2008 04:23 684.032 sstext3d.scr
14.04.2008 04:23 708.608 ss3dfo.scr
14.04.2008 04:23 19.968 ssbezier.scr
14.04.2008 04:23 9.216 scrnsave.scr
14.04.2008 04:23 80.896 firewall.cpl
14.04.2008 04:23 16.896 more.com

.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E0CD-8AC4

Verzeichnis von C:\WINDOWS\temp


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E0CD-8AC4

Verzeichnis von C:\WINDOWS\Downloaded Program Files

28.03.2008 21:33 144 QTPlugin.inf
21.03.2008 01:13 65 desktop.ini
19.03.2008 18:36 144 swdir.inf
12.02.2008 12:28 3.036.680 ImageUploader5.ocx
12.02.2008 12:28 378 ImageUploader5.inf
20.11.2007 17:04 1.523.536 FP_AX_CAB_INSTALLER.exe
20.11.2007 16:50 247 swflash.inf
30.07.2007 20:24 293 wuweb.inf
16.05.2007 09:22 399 gp.inf
9 Datei(en) 4.561.886 Bytes
0 Verzeichnis(se), 2.964.407.296 Bytes frei
.
.
.


5. Problem bekannt - Pop-Up Fenster ständig mit Spyware Werbung

#6 duAffentier

wende navilog an (option 1 ) + poste den report
http://virus-protect.org/artikel/tools/navilog.html
__________
MfG Sabina

rund um die PC-Sicherheit

#7 So ok, Option 1 ausgeführt.

Sorry für des lange warten.

Search Navipromo version 3.5.7 began on 24.05.2008 at 19:22:46,34

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Programme\navilog1
Actual User Account : "Nani"

Updated on 11.05.2008 at 18h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.13
Filesystem type : NTFS

Search done in normal mode


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programme" ***


*** Search folders in "c:\dokume~1\alluse~1\anwend~1" ***


*** Search folders in "c:\dokume~1\alluse~1\startm~1\progra~1" ***


*** Search folders in "C:\Dokumente und Einstellungen\Nani\anwend~1" ***


*** Search folders in "C:\Dokumente und Einstellungen\Nani\lokale~1\anwend~1" ***


*** Search folders in "C:\Dokumente und Einstellungen\Nani\startm~1\progra~1" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found


*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Dokumente und Einstellungen\Nani\lokale~1\anwend~1" *



*** Search files ***



*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Dokumente und Einstellungen\Nani\lokale~1\anwend~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on 24.05.2008 at 19:30:23,13 ***

#8 ««
nun wende navilog option 2 an

««
Start - Ausführen - Kopiere rein: Combofix /U
- klicke "OK"

««
es sollte wieder alles i.o. sein...oder kommen noch popups ?
__________
MfG Sabina

rund um die PC-Sicherheit

#9 Also ich bin nun selber am Lapi. Ich teste des nun mit den Pop-Ups. Aber scheint OK wieder zu sein.

Danke...

#10 Navipromo Removal version 3.5.7 started on 25.05.2008 at 15:40:42,29

Fix running from C:\Programme\navilog1
Actual User Account : "Nani"

Updated on 11.05.2008 at 18h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.13
Filesystem type : NTFS

Automatic removal
with Catchme and GNS results


Cleanning stage done on Reboot



*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *


* Deletion in "C:\Dokumente und Einstellungen\Nani\lokale~1\anwend~1" *



*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Programme" ***


*** Deleting folders in "c:\dokume~1\alluse~1\anwend~1" ***


*** Deleting folders in "c:\dokume~1\alluse~1\startm~1\progra~1" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\Nani\anwend~1" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\Nani\lokale~1\anwend~1" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\Nani\startm~1\progra~1" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Dokumente und Einstellungen\Nani\lokale~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


* In "C:\Dokumente und Einstellungen\Nani\lokale~1\anwend~1" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate deleted !
OOO-Favorit Certificate deleted !
Sunny-Day-Design-Ltd Certificate not found !

*** Cleaning stage complete on 25.05.2008 at 15:44:34,87 ***