"VIRUS ALERT!" steht bei mir neben der Uhr!

#1 Ich weis nicht mehr was ich machen soll.
Neben der Uhr steht "VIRUS ALERT!"
Es kommen andauernd solche Virenscanner die ich nicht installiert habe.
Im Startmenü kann ich nicht auf "Alle Programme" klicken.
Im Arbeitsplatz sind die Festplatten verschwunden.

Kann mir jemand helfen?


__________
Mfg TheDomi

#2 http://board.protecus.de/t23187.htm

#3 CCleaner Angewendet!

Malwarebytes Angewendet!

Malwarebytes' Anti-Malware 1.23
Datenbank Version: 1000
Windows 5.1.2600 Service Pack 1

20:02:59 28.07.2008
mbam-log-7-28-2008 (20-02-59).txt

Scan-Methode: Vollständiger Scan (D:\|)
Durchsuchte Objekte: 98597
Laufzeit: 22 minute(s), 10 second(s)

Infizierte Speicherprozesse: 5
Infizierte Speichermodule: 10
Infizierte Registrierungsschlüssel: 48
Infizierte Registrierungswerte: 19
Infizierte Dateiobjekte der Registrierung: 20
Infizierte Verzeichnisse: 22
Infizierte Dateien: 104

Infizierte Speicherprozesse:
D:\WINDOWS\system32\service.exe (Adware.Mirar) -> Unloaded process successfully.
D:\Programme\rhcr2aj0e373\rhcr2aj0e373.exe (Rogue.Multiple) -> Unloaded process successfully.
D:\Programme\AVM\avm.exe (Rogue.AntivirusMaster) -> Unloaded process successfully.
D:\WINDOWS\system32\lphcv2aj0e373.exe (Trojan.FakeAlert) -> Unloaded process successfully.
D:\WINDOWS\system32\pphcv2aj0e373.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Infizierte Speichermodule:
D:\WINDOWS\system32\cbXQjigd.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\mycplepj.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\rqRHawVp.dll (Trojan.Vundo) -> Delete on reboot.
D:\Programme\rhcr2aj0e373\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
D:\Programme\rhcr2aj0e373\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
D:\Programme\rhcr2aj0e373\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
D:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.
D:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Delete on reboot.
D:\WINDOWS\system32\blphcv2aj0e373.scr (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b157840-f007-4471-b1c7-bfb78f91aaa5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1b157840-f007-4471-b1c7-bfb78f91aaa5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de74c057-b936-4019-b924-965d31b3b39e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{de74c057-b936-4019-b924-965d31b3b39e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrhawvp (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5y99ae78-58tt-11dw-be53-y67078979y} (Backdoor.ProRat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8a0dcbda-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcr2aj0e373 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcr2aj0e373 (Rogue.Multiple) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9869efa6-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9869efb4-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f21ccdf3-cd64-4cbc-9ffa-f8ddd2218829} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f0a426bc-cb51-4d2b-b720-f959540b0ab2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13b563e9-b008-4d3a-bbc0-fbb424634455} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a9805a1-fe72-4b17-98e7-958312ea56aa} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{951ccafd-23f9-4013-9a5d-96b970052291} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ad730a0b-b21e-421b-abe3-1b6563d2cee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aefff7d6-917c-4d8d-a780-7c2d69f1b01a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aefff7d6-917c-4d8d-a780-7c2d69f1b01a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f5974be9-fab7-45b1-9178-8270904247e6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bgow (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\846154b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdns (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcr2aj0e373 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcv2aj0e373 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: d:\windows\system32\cbxqjigd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\cbxqjigd -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55372-OEM-0011903-00126) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
D:\Programme\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
D:\Programme\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
D:\Programme\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
D:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\Programme\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
D:\Programme\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373 (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\Programme\AVM (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373 (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\rhcr2aj0e373\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
D:\WINDOWS\system32\cbXQjigd.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\dgijQXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\dgijQXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rkfeaz.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\mycplepj.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\jpelpcym.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rqRHawVp.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\service.exe (Adware.Mirar) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\WinNB57.dll (Adware.Mirar) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Eigene Dateien\Programme\PLAY_MP3.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Programme\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Programme\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopper) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-2052111302-117609710-839522115-1004\Dd1\Icon Changer\ExeIcoSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FB70B009-C298-44EA-B2C3-4A3E9258E578}\RP2\A0000008.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FB70B009-C298-44EA-B2C3-4A3E9258E578}\RP2\A0004002.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FB70B009-C298-44EA-B2C3-4A3E9258E578}\RP2\A0004017.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\eovp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\fccAsrPf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\otijwwam.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vqqatjmq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\khfDtRHb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pmnllMcc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\nlcoam.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\Winpg88.sys (Rootkit.Agent) -> Delete on reboot.
D:\Programme\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
D:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\Programme\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\Programme\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
D:\Programme\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
D:\Programme\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
D:\Programme\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
D:\Programme\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373\rhcr2aj0e373.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373\rhcr2aj0e373.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\rhcr2aj0e373\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Programme\VAV\vav.exe (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\Programme\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\Programme\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\Programme\AVM\avm.cpl (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
D:\Programme\AVM\avm.exe (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
D:\Programme\AVM\avm0.dat (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
D:\Programme\AVM\avm1.dat (Rogue.AntivirusMaster) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\CmdLineExt03.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Lokale Einstellungen\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.
D:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\nfavxwdbsxb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Delete on reboot.
D:\WINDOWS\system32\avm.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\blphcv2aj0e373.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\lphcv2aj0e373.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\phcv2aj0e373.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pphcv2aj0e373.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\reginv.dll (Backdoor.ProRat) -> Quarantined and deleted successfully.
D:\WINDOWS\system\sservice.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\TmpRecentIcons\Antivirus Master.lnk (Rogue.Link) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\Dominik\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
__________
Mfg TheDomi

#4 Hallo TheDomi

Poste noch das Combofix und HJT Log

Gruss Swiss

#5 ComboFix angewendet!


ComboFix 08-07-27.5 - Dominik 2008-07-28 20:37:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1031.18.544 [GMT 2:00]
ausgeführt von:: D:\Dokumente und Einstellungen\Dominik\Desktop\ComboFix.exe

[color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color]
.

((((((((((((((((((((((( Dateien erstellt von 2008-06-28 bis 2008-07-28 ))))))))))))))))))))))))))))))
.

2008-07-28 13:15 . 2008-07-28 13:15 <DIR> d-------- D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Malwarebytes
2008-07-28 13:15 . 2008-07-28 13:15 <DIR> d-------- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-07-28 13:15 . 2008-07-23 20:09 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 13:15 . 2008-07-23 20:09 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-07-28 11:05 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-07-28 11:05 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-07-28 11:05 . 2008-05-29 09:35 86,528 --a------ D:\WINDOWS\system32\VACFix.exe
2008-07-28 11:05 . 2008-05-18 21:40 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-07-28 11:05 . 2008-07-02 13:33 82,432 --a------ D:\WINDOWS\system32\IEDFix.C.exe
2008-07-28 11:05 . 2008-05-23 18:21 81,920 --a------ D:\WINDOWS\system32\404Fix.exe
2008-07-28 11:05 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-07-28 11:05 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-07-28 11:05 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-07-28 11:05 . 2008-07-28 11:05 4,050 --a------ D:\WINDOWS\system32\tmp.reg
2008-07-27 22:56 . 2008-07-27 22:56 <DIR> d-------- D:\Programme\CleanUp!
2008-07-27 22:11 . 2008-07-28 20:35 <DIR> d-------- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-07-27 21:43 . 2008-07-27 21:43 22 --a------ D:\WINDOWS\system32\mseixml.sei
2008-07-27 21:43 . 2008-07-27 21:43 22 --a------ D:\WINDOWS\mseixml.sei
2008-07-27 20:42 . 2008-07-27 20:42 125 --a------ D:\WINDOWS\aspack.ini
2008-07-27 20:24 . 2008-07-27 20:24 10,585 --a------ D:\WINDOWS\Pplugin4.exe
2008-07-27 20:24 . 2008-07-27 20:24 263 --a------ D:\WINDOWS\Pplugin4.dat
2008-07-27 20:23 . 2008-07-27 20:23 483,418 --a------ D:\WINDOWS\p_ekran.jpg
2008-07-27 20:23 . 2008-07-27 20:23 0 --a------ D:\WINDOWS\Pplugin9.dat
2008-07-27 20:20 . 2008-07-27 20:20 54 --a------ D:\WINDOWS\refresh.scf
2008-07-26 18:00 . 2008-07-26 18:13 <DIR> d-------- D:\WINDOWS\BDOSCAN8
2008-07-21 17:55 . 2008-07-21 18:18 <DIR> d-------- D:\Dokumente und Einstellungen\Dominik\dwhelper
2008-07-20 19:29 . 2008-07-20 19:29 <DIR> d-------- D:\Programme\ICQ6Toolbar
2008-07-20 19:29 . 2008-07-20 19:29 <DIR> d-------- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
2008-07-20 19:25 . 2008-07-20 19:35 <DIR> d-------- D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\ICQ
2008-07-20 12:00 . 2008-07-20 12:00 <DIR> d-------- D:\Temp
2008-07-19 18:20 . 2008-07-19 18:39 <DIR> d-------- D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\ICQLite
2008-07-19 12:06 . 2003-04-02 14:00 499,200 --a------ D:\WINDOWS\system32\hypertrm.dll
2008-07-19 12:04 . 2008-07-19 12:04 <DIR> d-------- D:\Programme\Microsoft CAPICOM 2.1.0.2
2008-07-19 12:03 . 2003-04-02 14:00 117,248 --a------ D:\WINDOWS\system32\dllcache\dhtmled.ocx
2008-07-19 12:01 . 2003-04-02 14:00 87,040 --a------ D:\WINDOWS\system32\srvsvc.dll
2008-07-19 12:01 . 2003-04-02 14:00 87,040 --a------ D:\WINDOWS\system32\dllcache\srvsvc.dll
2008-07-17 11:49 . 2005-10-21 00:33 1,003,008 --a------ D:\WINDOWS\system32\esent.dll
2008-07-17 10:22 . 2008-07-17 10:22 0 --a------ D:\WINDOWS\mngui.INI
2008-07-17 10:19 . 2008-07-17 10:19 <DIR> d-------- D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Ulead Systems
2008-07-16 23:47 . 2008-07-19 12:04 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-07-16 23:46 . 2008-07-28 11:21 <DIR> d-------- D:\WINDOWS\system32\bits
2008-07-16 23:46 . 2003-04-02 14:00 310,272 --a------ D:\WINDOWS\system32\winhttp.dll
2008-07-16 23:46 . 2003-04-02 14:00 310,272 --a------ D:\WINDOWS\system32\dllcache\winhttp.dll
2008-07-16 23:46 . 2003-04-02 14:00 223,232 --a------ D:\WINDOWS\system32\qmgr.dll
2008-07-16 23:46 . 2003-04-02 14:00 223,232 --a------ D:\WINDOWS\system32\dllcache\qmgr.dll
2008-07-16 23:46 . 2003-04-02 14:00 17,408 --a------ D:\WINDOWS\system32\qmgrprxy.dll
2008-07-16 23:46 . 2003-04-02 14:00 17,408 --a------ D:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-07-16 23:42 . 2004-07-02 00:08 7,680 -----c--- D:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-07-16 23:42 . 2004-07-02 00:08 7,680 --------- D:\WINDOWS\system32\bitsprx2.dll
2008-07-16 23:42 . 2004-07-02 00:08 7,168 -----c--- D:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-07-16 23:42 . 2004-07-02 00:08 7,168 --------- D:\WINDOWS\system32\bitsprx3.dll
2008-07-16 23:36 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-07-16 23:36 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-07-10 08:57 . 2006-09-05 20:07 97,088 -ra------ D:\WINDOWS\system32\drivers\se59mdm.sys
2008-07-10 08:57 . 2006-09-05 20:06 90,800 -ra------ D:\WINDOWS\system32\drivers\se59unic.sys
2008-07-10 08:57 . 2006-09-05 20:08 88,624 -ra------ D:\WINDOWS\system32\drivers\se59mgmt.sys
2008-07-10 08:57 . 2006-09-05 20:09 86,432 -ra------ D:\WINDOWS\system32\drivers\se59obex.sys
2008-07-10 08:57 . 2006-09-05 20:06 18,704 -ra------ D:\WINDOWS\system32\drivers\se59nd5.sys
2008-07-10 08:57 . 2006-09-05 20:07 9,360 -ra------ D:\WINDOWS\system32\drivers\se59mdfl.sys
2008-07-10 08:57 . 2006-09-05 20:09 6,240 -ra------ D:\WINDOWS\system32\drivers\se59cmnt.sys
2008-07-10 08:57 . 2006-09-05 20:09 6,240 -ra------ D:\WINDOWS\system32\drivers\se59cm.sys
2008-07-10 08:57 . 2006-09-05 20:06 4,128 -ra------ D:\WINDOWS\system32\drivers\se59cr.sys
2008-07-10 08:54 . 2006-09-05 20:07 61,536 -ra------ D:\WINDOWS\system32\drivers\se59bus.sys
2008-07-10 08:54 . 2006-09-05 20:06 5,872 -ra------ D:\WINDOWS\system32\drivers\se59whnt.sys
2008-07-10 08:54 . 2006-09-05 20:06 5,872 -ra------ D:\WINDOWS\system32\drivers\se59wh.sys
2008-07-09 21:07 . 2008-07-10 08:57 <DIR> d-------- D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Teleca
2008-07-09 21:06 . 2008-07-09 21:06 <DIR> d-------- D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Sony Ericsson
2008-07-09 21:05 . 2008-07-09 21:05 <DIR> d-------- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson
2008-07-09 21:04 . 2008-07-09 21:05 <DIR> d-------- D:\Programme\Gemeinsame Dateien\Teleca Shared
2008-07-09 21:04 . 2008-07-09 21:05 <DIR> d-------- D:\Programme\Gemeinsame Dateien\Sony Ericsson Shared
2008-07-09 21:04 . 2008-07-09 21:05 <DIR> d-------- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
2008-07-09 20:27 . 2008-07-09 20:27 <DIR> d-------- D:\WINDOWS\Downloaded Installations
2008-07-01 13:24 . 2008-07-19 12:54 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE
2008-06-30 19:01 . 2008-06-30 19:01 1,905 --a------ D:\WINDOWS\diagwrn.xml
2008-06-30 19:01 . 2008-06-30 19:01 1,905 --a------ D:\WINDOWS\diagerr.xml

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 19:34 --------- d-----w D:\Programme\SurfingEnhancer
2008-07-27 19:12 24,575 ----a-w D:\WINDOWS\system32\Qsusengwinsyspio49.dll
2008-07-27 18:13 --------- d-----w D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-07-27 10:24 --------- d-----w D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\LimeWire
2008-07-21 10:44 --------- d--h--w D:\Programme\InstallShield Installation Information
2008-07-18 10:52 --------- d-----w D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2008-07-16 11:14 --------- d-----w D:\Programme\ArtMoney
2008-07-09 11:28 --------- d-----w D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Canon
2008-07-09 10:24 --------- d-----w D:\Programme\NCH Swift Sound
2008-07-07 12:11 --------- d-----w D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\OpenOffice.org2
2008-06-23 11:14 --------- d-----w D:\Programme\Google
2008-06-22 13:41 --------- d-----w D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\PC Suite
2008-06-06 14:11 --------- d-----w D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Corel
2008-05-21 15:07 22,016 ----a-w D:\WINDOWS\system32\prospeed_bmp2jpg.dll
2008-05-15 09:30 208,896 ----a-w D:\WINDOWS\system32\TubeFinder.exe
2008-05-11 10:29 98,304 ----a-w D:\WINDOWS\system32\CmdLineExt.dll
2008-05-01 08:08 107,134 -c--a-w D:\WINDOWS\UninstallFirefox.exe
2008-04-07 17:55 45,824 ----a-w D:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-07-28_20.19.18.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-28 17:27:29 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-28 18:28:08 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-28 17:27:29 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-28 18:28:08 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-28 17:27:29 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-07-28 18:28:08 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2008-06-17 17:02:10 64,796 ----a-w D:\WINDOWS\system32\perfc007.dat
+ 2008-07-28 18:29:59 64,796 ----a-w D:\WINDOWS\system32\perfc007.dat
- 2008-06-17 17:02:10 53,744 ----a-w D:\WINDOWS\system32\perfc009.dat
+ 2008-07-28 18:29:59 53,744 ----a-w D:\WINDOWS\system32\perfc009.dat
- 2008-06-17 17:02:10 394,830 ----a-w D:\WINDOWS\system32\perfh007.dat
+ 2008-07-28 18:29:59 394,830 ----a-w D:\WINDOWS\system32\perfh007.dat
- 2008-06-17 17:02:10 383,390 ----a-w D:\WINDOWS\system32\perfh009.dat
+ 2008-07-28 18:29:59 383,390 ----a-w D:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
"swg"="D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 13:45 68856]
"ctfmon.exe"="D:\WINDOWS\System32\ctfmon.exe" [2003-04-02 14:00 13312]
"ICQ"="C:\XP NICHT LOESCHEN\ICQ6\ICQ.exe" [2008-05-18 18:30 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="D:\Programme\Home Cinema\PowerDVD\PDVDServ.exe" [2006-11-23 16:10 56928]
"LanguageShortcut"="D:\Programme\Home Cinema\PowerDVD\Language\Language.exe" [2006-12-05 23:55 54832]
"NeroFilterCheck"="D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="D:\Programme\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"Ulead AutoDetector v2"="D:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 12:58 90112]
"TkBellExe"="D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-03-06 22:30 185896]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2006-10-06 16:38 7700480]
"VC9Player"="D:\Programme\Virtual CD v9\System\VC9Play.exe" [2007-04-12 16:33 202312]
"CloneCDTray"="D:\Programme\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"SunJavaUpdateSched"="D:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TVEService"="D:\Programme\Home Cinema\TV Enhance\TVEService.exe" [2007-02-08 19:13 155648]
"CanonSolutionMenu"="D:\Programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]
"CanonMyPrinter"="D:\Programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="D:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"Sony Ericsson PC Suite"="C:\Sony Ericsson\W580i\Application Launcher\Application Launcher.exe" [2007-03-28 01:07 593920]
"avgnt"="D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2006-01-18 15:52 229416]
"Securepoint Personal Firewall"="C:\Firewall\bin\sppfw.exe" [2005-02-23 17:49 1799680]
"SkyTel"="SkyTel.EXE" [2006-10-09 11:50 2879488 D:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-09 11:50 16236032 D:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-10-06 16:38 1617920 D:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpg88.sys]
@="Driver"

R0 avgntmgr;avgntmgr;D:\WINDOWS\System32\drivers\avgntmgr.sys [2005-07-04 11:58]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);D:\WINDOWS\System32\drivers\sfsync03.sys [2005-10-13 15:46]
R1 avgntdd;avgntdd;D:\WINDOWS\System32\DRIVERS\avgntdd.sys [2006-02-23 17:17]
R1 spfw;spfw;D:\WINDOWS\System32\drivers\spfw.sys [2005-02-10 11:49]
R1 vdrv9000;vdrv9000;D:\WINDOWS\System32\DRIVERS\vdrv9000.sys [2007-01-23 12:48]
R2 IJPLMSVC;PIXMA Extended Survey Program;D:\Programme\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 08:49]
R2 spfirewallsvc;Securepoint Personal Firewall;C:\Firewall\driver\spfirewallsvc.exe [2005-02-11 18:24]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-02-08 19:14]
R2 TVESched;TVEnhance Task Scheduler (TTS));D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-02-08 19:14]
R2 VC9SecS;Virtual CD v9 Management Service;D:\Programme\Virtual CD v9\System\VC9SecS.exe [2007-04-12 16:33]
S0 Winpg88;Winpg88;D:\WINDOWS\System32\Drivers\Winpg88.sys []
S3 HH9Help.sys;HH9Help.sys;D:\WINDOWS\System32\drivers\HH9Help.sys [2006-09-20 13:42]
S3 ldiskl;ldiskl;D:\DOKUME~1\Dominik\LOKALE~1\Temp\ldiskl.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);D:\WINDOWS\System32\DRIVERS\se59bus.sys [2006-09-05 20:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;D:\WINDOWS\System32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;D:\WINDOWS\System32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);D:\WINDOWS\System32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);D:\WINDOWS\System32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;D:\WINDOWS\System32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);D:\WINDOWS\System32\DRIVERS\se59unic.sys [2006-09-05 20:06]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Inhalt des "geplante Tasks" Ordners

2008-03-20 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- D:\Programme\Apple Software Update\SoftwareUpdate.exe [2006-08-29 15:21]
.
.
------- Zusätzlicher Scan -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://google.daemonsearch.com/intl/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Nach Microsoft &Excel exportieren - C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
D:\WINDOWS\Downloaded Program Files\oscan8.inf
D:\WINDOWS\bdoscandellang.ini
D:\WINDOWS\bdoscandel.exe
D:\WINDOWS\Downloaded Program Files\live.ini
D:\WINDOWS\Downloaded Program Files\scanoptions.tsi
D:\WINDOWS\Downloaded Program Files\lang.ini
D:\WINDOWS\Downloaded Program Files\ipsupd.dll
D:\WINDOWS\Downloaded Program Files\bdupd.dll
D:\WINDOWS\Downloaded Program Files\libfn.dll
D:\WINDOWS\Downloaded Program Files\bdcore.dll
D:\WINDOWS\Downloaded Program Files\oscan8.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 20:38:58
Windows 5.1.2600 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-07-28 20:39:26
ComboFix-quarantined-files.txt 2008-07-28 18:39:24
ComboFix2.txt 2008-07-28 18:19:28

Pre-Run: 6,882,746,368 Bytes frei
Post-Run: 6,867,611,648 Bytes frei

223 --- E O F --- 2008-07-19 10:10:10




Hijackthis angewendet!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:34, on 28.07.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Firewall\driver\spfirewallsvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Programme\Canon\IJPLM\IJPLMSVC.EXE
D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\Programme\CyberLink\Shared Files\RichVideo.exe
D:\WINDOWS\System32\svchost.exe
D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
D:\Programme\Virtual CD v9\System\VC9SecS.exe
D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
D:\Programme\QuickTime\qttask.exe
D:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\Virtual CD v9\System\VC9Play.exe
D:\Programme\Java\jre1.6.0_05\bin\jusched.exe
D:\Programme\Home Cinema\TV Enhance\TVEService.exe
D:\Programme\Canon\MyPrinter\BJMyPrt.exe
C:\Sony Ericsson\W580i\Application Launcher\Application Launcher.exe
D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\System32\ctfmon.exe
C:\XP NICHT LOESCHEN\ICQ6\ICQ.exe
D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programme\Virtual CD v9\System\VC9Tray.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Sony Ericsson\W580i\Mobile Phone Monitor\epmworker.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\explorer.exe
C:\XP NICHT LOESCHEN\dark_firefox\Installationsdateien\firefox.exe
D:\Programme\Huawei technologies\Mobile Connect\Mobile Connect.exe
D:\Dokumente und Einstellungen\Dominik\Eigene Dateien\HiJackThis\Extra Ordner\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.daemonsearch.com/intl/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "D:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Programme\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] D:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VC9Player] D:\Programme\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVEService] "D:\Programme\Home Cinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Sony Ericsson\W580i\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Securepoint Personal Firewall] "C:\Firewall\bin\sppfw.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\XP NICHT LOESCHEN\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Microsoft Office am xp\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office am xp\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\XP NICHT LOESCHEN\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\XP NICHT LOESCHEN\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206963675796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206963635906
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D41B8F8-A8E7-42F4-AC71-0F1754D3B641}: NameServer = 194.48.139.254 194.48.124.202
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: License Management Service ESD - element5 - D:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Securepoint Personal Firewall (spfirewallsvc) - Securepoint Latinoamerica S.A. de C.V. - C:\Firewall\driver\spfirewallsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - D:\Programme\Virtual CD v9\System\VC9SecS.exe
O24 - Desktop Component 0: (no name) - http://www.skrapid.at/fileadmin/rapid10/img/bg.gif

--
End of file - 10829 bytes


Uninstall-Liste

18 Wheels of Steel: Voll aufs Gas
7-Zip 4.32
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player 11
Antidote Free 1.0
Apple Software Update
ArtMoney SE v7.28
ASPack
Avira AntiVir PersonalEdition Classic
BDE
BootSkin
Canon MP Navigator EX 1.0
Canon MP520 series
Canon MP520 series Benutzerregistrierung
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
CD Bremse 1.46
CleanUp!
CloneCD
CloneDVD2OEM
Corel Graphics Suite 11
Crazy Taxi
Cygwin B20
DATA BECKER web to date 4.0 (Shared Components)
Der Pate® Das Spiel
Diablo
Double Vibration steering wheel
Elasto Mania
Emergency 3
Emergency4
eMule
Free FLV Converter V 4.8
Free WMA to MP3 Converter 1.16
Free YouTube Download 2.1
Golden Records
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HEROLD Telefonbuch CD home + route
Hex Workshop v5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HP Deskjet 5900 series
HP Extended Capabilities 5.0
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
ICQ6
InterActual Player
Java(TM) 6 Update 5
LimeWire 4.17.6
MakeDisc
Malwarebytes' Anti-Malware
MCE Software Encoder 1.1
MediaShow 3.0
Medicopter 4 deinstallieren
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Midnight Club II
Mobile Connect
Mozilla Firefox (1.5.0.12)
MP3 Player Utilities 3.5.02
mp3 RightName 1.28
muvee autoProducer 3.5 magicMoments
My Buddy Icons v4.9x
Nero 7 Essentials
nutella EM-Spektakel 2008
NVIDIA Drivers
NVIDIA WDM Drivers
OpenOffice.org 2.3
Österreich - Auto + Motorrad
PhotoNow! 1.0
PIXMA Extended Survey Program
PowerDirector
PowerDVD
PowerProducer
Prism Video Converter
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rush For Berlin
ScanSoft OmniPage SE 4
Securepoint Personal Firewall
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows XP (KB890046)
Sicherheitsupdate für Windows XP (KB893756)
Sicherheitsupdate für Windows XP (KB896358)
Sicherheitsupdate für Windows XP (KB896423)
Sicherheitsupdate für Windows XP (KB896424)
Sicherheitsupdate für Windows XP (KB896428)
Sicherheitsupdate für Windows XP (KB899587)
Sicherheitsupdate für Windows XP (KB899591)
Sicherheitsupdate für Windows XP (KB900725)
Sicherheitsupdate für Windows XP (KB901017)
Sicherheitsupdate für Windows XP (KB901214)
Sicherheitsupdate für Windows XP (KB902400)
Sicherheitsupdate für Windows XP (KB904706)
Sicherheitsupdate für Windows XP (KB905414)
Sicherheitsupdate für Windows XP (KB905495)
Sicherheitsupdate für Windows XP (KB905749)
Sicherheitsupdate für Windows XP (KB908519)
Sicherheitsupdate für Windows XP (KB911562)
Sicherheitsupdate für Windows XP (KB911927)
Sicherheitsupdate für Windows XP (KB912919)
Sicherheitsupdate für Windows XP (KB913580)
Sicherheitsupdate für Windows XP (KB914388)
Sicherheitsupdate für Windows XP (KB914389)
Sicherheitsupdate für Windows XP (KB917344)
Sicherheitsupdate für Windows XP (KB917422)
Sicherheitsupdate für Windows XP (KB917953)
Sicherheitsupdate für Windows XP (KB919007)
Sicherheitsupdate für Windows XP (KB920670)
Sicherheitsupdate für Windows XP (KB920683)
Sicherheitsupdate für Windows XP (KB920685)
Sicherheitsupdate für Windows XP (KB921398)
Sicherheitsupdate für Windows XP (KB921883)
Sicherheitsupdate für Windows XP (KB922616)
Sicherheitsupdate für Windows XP (KB922819)
Sicherheitsupdate für Windows XP (KB923191)
Sicherheitsupdate für Windows XP (KB923414)
Sicherheitsupdate für Windows XP (KB924191)
Sicherheitsupdate für Windows XP (KB924496)
SimonTools XP-Tuner 2004
Sony Ericsson PC Suite
SoundTap
SurfingEnhancer
Switch Sound File Converter
TallStick TS-AudioToMIDI 3.30 (remove only)
The Simpsons Hit & Run(TM)
Torino 2006
TV Enhance
Ulead PhotoImpact 12
Uninstall 1.0.0.0
Unlocker 1.7.9
Update für Windows XP (KB835409)
Update für Windows XP (KB898461)
Update für Windows XP (KB908531)
Update für Windows XP (KB910437)
Update für Windows XP (KB911280)
Virtual CD v9
Virtual DJ - Atomix Productions
WavePad Uninstall
Winamp (remove only)
Windows Installer 3.0 (KB884016)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP-Hotfix - KB822603
Windows XP-Hotfix - KB833407
Windows XP-Hotfix - KB842773
Windows XP-Hotfix - KB873339
Windows XP-Hotfix - KB885835
Windows XP-Hotfix - KB885836
Windows XP-Hotfix - KB888302
Windows XP-Hotfix - KB890859
Windows XP-Hotfix - KB891781
Windows XP-Hotfix - KB911567
Windows XP-Hotfix - KB918439
Windows XP-Hotfix - KB918899
Windows XP-Hotfix - KB925486
WinImage
WinRAR Archivierer
World Racing 2 Spec
Worms2

Datfindbat angewendet!

Die letzten 3 monate sind im Anhang

Beschreibung:

Neben der Uhr steht "VIRUS ALERT!"
Im Startmenü ist "Alle Programme verschwunden"
Am Desktop war ein anderer Hintergrund mit einem Link.
Die Festplatten waren im Arbeitsplatz nicht mehr dort.
^^ Diese Symtome waren nach Malwarebytes verschwunden^^
Alles ist im Windows 98 Stil - also grau, und man kann es in den Eigenschaften nicht umstellen
Im Startmenü ganz oben wo normal der Benutzername steht ist das Benutzerbild verschwunden.


__________
Mfg TheDomi

#6 Hol dir mal die neueren ServicePacks, also wenigstens mal SP2.

Zitat

R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

--> Fixen

Zitat

O17 - HKLM\System\CCS\Services\Tcpip\..\{7D41B8F8-A8E7-42F4-AC71-0F1754D3B641}: NameServer = 194.48.139.254 194.48.124.202

--> Wenn unbekannt, Fixen.

Zitat

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

--> Wenn nicht beabsichtigt, oder unbekannt Fixen !

Soweit erstmal, dann bitte nochmal CCleaner laufen lassen, dann deinen Virenscanner und dann nochmal ein hjt.

#7 CCleaner und Virenscanner angewendet!

Hijackthis angewendet!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:57, on 29.07.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
C:\Firewall\driver\spfirewallsvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\alg.exe
D:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Programme\Canon\IJPLM\IJPLMSVC.EXE
D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\Programme\CyberLink\Shared Files\RichVideo.exe
D:\WINDOWS\System32\svchost.exe
D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Programme\Virtual CD v9\System\VC9SecS.exe
D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
D:\Programme\QuickTime\qttask.exe
D:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\Virtual CD v9\System\VC9Play.exe
D:\Programme\Java\jre1.6.0_05\bin\jusched.exe
D:\Programme\Home Cinema\TV Enhance\TVEService.exe
D:\Programme\Canon\MyPrinter\BJMyPrt.exe
C:\Sony Ericsson\W580i\Application Launcher\Application Launcher.exe
D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\Virtual CD v9\System\VC9Tray.exe
D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Sony Ericsson\W580i\Mobile Phone Monitor\epmworker.exe
D:\Programme\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\XP NICHT LOESCHEN\dark_firefox\Installationsdateien\firefox.exe
D:\Dokumente und Einstellungen\Dominik\Eigene Dateien\HiJackThis\Extra Ordner\HJT.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.daemonsearch.com/intl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "D:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Programme\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] D:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VC9Player] D:\Programme\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVEService] "D:\Programme\Home Cinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Sony Ericsson\W580i\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Securepoint Personal Firewall] c:\firewall\bin\sppfw.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\XP NICHT LOESCHEN\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Microsoft Office am xp\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office am xp\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\XP NICHT LOESCHEN\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\XP NICHT LOESCHEN\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206963675796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206963635906
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D41B8F8-A8E7-42F4-AC71-0F1754D3B641}: NameServer = 194.48.139.254 194.48.124.202
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: License Management Service ESD - element5 - D:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Securepoint Personal Firewall (spfirewallsvc) - Securepoint Latinoamerica S.A. de C.V. - C:\Firewall\driver\spfirewallsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - D:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - D:\Programme\Virtual CD v9\System\VC9SecS.exe
O24 - Desktop Component 0: (no name) - http://www.skrapid.at/fileadmin/rapid10/img/bg.gif

--
End of file - 10424 bytes
__________
Mfg TheDomi

#8 Hallo TheDomi

1.
Virustotal http://www.virustotal.com/flash/index_en.html

D:\WINDOWS\system32\Qsusengwinsyspio49.dll

Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> HIER KOMPLETT kopieren

2.
Rootkit:

Zitat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpg88.sys]
@="Driver"

««
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten.
in: "Enter search strings" (reinschreiben oder reinkopieren)

Winpg88

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.

«
__________
MfG Sabina

rund um die PC-Sicherheit

#9 VirusTotal

D:\WINDOWS\system32\Qsusengwinsyspio49.dll

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.29.1 2008.07.29 -
AntiVir 7.8.1.12 2008.07.29 -
Authentium 5.1.0.4 2008.07.29 -
Avast 4.8.1195.0 2008.07.28 -
AVG 8.0.0.130 2008.07.29 -
BitDefender 7.2 2008.07.29 -
CAT-QuickHeal 9.50 2008.07.28 -
ClamAV 0.93.1 2008.07.29 -
DrWeb 4.44.0.09170 2008.07.29 -
eSafe 7.0.17.0 2008.07.28 -
eTrust-Vet 31.6.5991 2008.07.29 -
Ewido 4.0 2008.07.28 -
F-Prot 4.4.4.56 2008.07.28 -
F-Secure 7.60.13501.0 2008.07.29 -
Fortinet 3.14.0.0 2008.07.29 -
GData 2.0.7306.1023 2008.07.29 -
Ikarus T3.1.1.34.0 2008.07.29 -
Kaspersky 7.0.0.125 2008.07.29 -
McAfee 5348 2008.07.28 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3305 2008.07.29 -
Norman 5.80.02 2008.07.28 -
Panda 9.0.0.4 2008.07.28 -
PCTools 4.4.2.0 2008.07.29 -
Prevx1 V2 2008.07.29 -
Rising 20.55.12.00 2008.07.29 -
Sophos 4.31.0 2008.07.29 -
Sunbelt 3.1.1536.1 2008.07.28 -
Symantec 10 2008.07.29 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.29 -
VBA32 3.12.8.1 2008.07.28 -
ViRobot 2008.7.29.1315 2008.07.29 -
VirusBuster 4.5.11.0 2008.07.28 -
Webwasher-Gateway 6.6.2 2008.07.29 -
weitere Informationen
File size: 24575 bytes
MD5...: 04c2efe6f91df79507c162861ebd54b5
SHA1..: c0bea0426fe11ce2c94e1a343c259c451f584c74
SHA256: ab5b01db830674b3fc5de4cf1df5361b86f6f389db307d7936656045a10285aa
SHA512: 0e075fb210e2ceda374f083f35a062765e7777a523c9490d66d45373927c3bd0
db651ddc3d7b494d58c65b78349c5e0a11ec8117cd5771e9743b8165b0aa1160
PEiD..: -
PEInfo: -


Winpg88


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Winpg88" 29.07.2008 11:39:13

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Winpg88.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Winpg88.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINPG88]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINPG88\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINPG88\0000]
"Service"="Winpg88"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINPG88\0000]
"DeviceDesc"="Winpg88"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winpg88]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winpg88]
"ImagePath"="System32\\Drivers\\Winpg88.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winpg88\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Winpg88.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\Winpg88.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINPG88]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINPG88\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINPG88\0000]
"Service"="Winpg88"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINPG88\0000]
"DeviceDesc"="Winpg88"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINPG88\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINPG88\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winpg88]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winpg88]
"ImagePath"="System32\\Drivers\\Winpg88.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winpg88\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winpg88\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winpg88\Enum]
"0"="Root\\LEGACY_WINPG88\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Winpg88.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Winpg88.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINPG88]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINPG88\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINPG88\0000]
"Service"="Winpg88"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINPG88\0000]
"DeviceDesc"="Winpg88"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINPG88\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winpg88]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winpg88]
"ImagePath"="System32\\Drivers\\Winpg88.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winpg88\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpg88.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Winpg88.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPG88]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPG88\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPG88\0000]
"Service"="Winpg88"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPG88\0000]
"DeviceDesc"="Winpg88"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPG88\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPG88\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winpg88]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winpg88]
"ImagePath"="System32\\Drivers\\Winpg88.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winpg88\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winpg88\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winpg88\Enum]
"0"="Root\\LEGACY_WINPG88\\0000"
__________
Mfg TheDomi

#10 1.
Virustotal http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\Pplugin4.exe

Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> HIER KOMPLETT kopieren

-----------------------------------------------------------

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
- setze ein Häkchen in: "Automatically disable any rootkits found"
- Das Häkchen "Scan for Rootkits" sollte angehakt sein.
kopiere in das weisse Feld:

Zitat

Drivers to disable:
Winpg88
Drivers to delete:
Winpg88
Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Winpg88.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Winpg88.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINPG88
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winpg88
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Winpg88.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\Winpg88.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINPG88
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winpg88
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Winpg88.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Winpg88.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINPG88
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winpg88
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpg88.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Winpg88.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPG88
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winpg88
Files to delete:
D:\WINDOWS\system32\Qsusengwinsyspio49.dll
Folders to delete:
D:\Programme\SurfingEnhancer

schliesse alle offenen Programme (denn nach Anwendung des Avengers wird der Rechner neustarten)

Klicke: Execute

bestätige, dass der Rechner neu gestartet wird - klicke "yes"
nach dem Neustart erscheint automatisch ein Log vom Avenger - (C:\avenger.txt), kopiere es ab - mit rechtem Mausklick - kopieren - einfügen

-------------

ist für mich:

http://virus-protect.org/artikel/spyware/ffservice.html
2008-07-27 20:24 . 2008-07-27 20:24 10,585 --a------ D:\WINDOWS\Pplugin4.exe
2008-07-27 20:24 . 2008-07-27 20:24 263 --a------ D:\WINDOWS\Pplugin4.dat
2008-07-27 20:23 . 2008-07-27 20:23 483,418 --a------ D:\WINDOWS\p_ekran.jpg
2008-07-27 20:23 . 2008-07-27 20:23 0 --a------ D:\WINDOWS\Pplugin9.dat
2008-07-27 20:20 . 2008-07-27 20:20 54 --a------ D:\WINDOWS\refresh.scf

Verzeichnis von C:\WINDOWS

22.07.2006 22:35 13.743 ktd32.atm
22.07.2006 22:28 6.672 Pplugin9.dat
22.07.2006 21:51 579 Pplugin4.dat
22.07.2006 21:23 67.897 p_ekran.jpg


«
__________
MfG Sabina

rund um die PC-Sicherheit

#11 Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "Winpg88" disabled successfully.
Driver "Winpg88" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Winpg88.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Winpg88.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINPG88" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winpg88" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Winpg88.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\Winpg88.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINPG88" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winpg88" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winpg88" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Winpg88.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Winpg88.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINPG88" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winpg88" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpg88.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpg88.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Winpg88.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Winpg88.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPG88" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPG88" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winpg88" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winpg88" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "D:\WINDOWS\system32\Qsusengwinsyspio49.dll" deleted successfully.
Folder "D:\Programme\SurfingEnhancer" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
__________
Mfg TheDomi

#12 Virustotal http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\Pplugin4.exe

Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> HIER KOMPLETT kopieren
__________
MfG Sabina

rund um die PC-Sicherheit

#13 0 bytes size received / Se ha recibido un archivo vacio

Diese Fehlermeldung kommt dann

Kann es daran liegen das ich das Betriebssystem auf "D" installiert habe
__________
Mfg TheDomi

#14 1.
lösche mit dem Avenger

Zitat

Files to delete:
D:\WINDOWS\ktd32.atm
D:\WINDOWS\Pplugin4.exe
D:\WINDOWS\Pplugin4.dat
D:\WINDOWS\p_ekran.jpg
D:\WINDOWS\Pplugin9.dat
D:\WINDOWS\refresh.scf

««
1. Öffne notepad (Texteditor) Unter Start/Ausführen den Befehl: notepad eingeben,bestätigen,dann erscheit ein notepad editor.
Oder unter Start/Programme/Zubehör/Editor

kopiere diesen Code rein:

Zitat

reg query "HKEY_CURRENT_USER\software\microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings" >RegQuery.txt
notepad RegQuery.txt

3. Speichere die Datei als fix.bat auf Desktop

achte darauf , dass es nicht als txt-Datei abgespeichert wird, sondern unter "Alle Dateien"

4. Doppelklick auf die Datei fix.bat, dann wird eine RegQuery.txt Datei erstellt,den Inhalt hier posten
__________
MfG Sabina

rund um die PC-Sicherheit

#15 Bei mir kommt dann die Eingabe-aufforderung
Und in RegQuery ist nichts

Hardcopy ist im Anhang


__________
Mfg TheDomi