Problem mit WinFixer.CHE

#1 Hallo zusammen,

ich habe heute Abend etwas eingefangen was sich WinFixer.CHE nennt.

Hab hier mal einen Auszug vom Hijack.Hoffe es kann mir jemand helfen.Ich seh leider nicht mehr durch.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:31: VIRUS ALERT!, on 18.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Norman\Nvc\BIN\nvcod.exe
C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\explorer.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\DOKUME~1\Marcel\LOKALE~1\Temp\Temporäres Verzeichnis 3 für HiJackThis.zip\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: fqbewlna - {F63CB648-B3AB-4001-A96B-324CE8B2F52C} - C:\WINDOWS\fqbewlna.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [cablecom hispeed security service] C:\DOKUME~1\Marcel\LOKALE~1\Temp\ins1.tmp\~fsbwins.exe /NoIntervention
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registry Defender Platinum.lnk = C:\Programme\Registry Defender Platinum\RegistryDefender.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127892565295
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173495498609
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9326 bytes


Besten Dank im Voraus.

Gruss Marcel

#2 Hallo the_future

Arbeite bitte einmal die Punkte 1-4 von http://board.protecus.de/t23187.htm ab und poste die entsprechenden Reporte.
__________
MfG Ralf
SEO-Spam Hunter

#3 So, hab nun mal alle 4 Punkte durch gearbeitet und wie ich das Gefühl habe, sieht es gar nicht so schlecht aus.

Hier sind noch die verschiedenen Protokolle:

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1166
Windows 5.1.2600 Service Pack 3

18.09.2008 13:14:07
mbam-log-2008-09-18 (13-14-07).txt

Scan-Methode: Vollständiger Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 136205
Laufzeit: 1 hour(s), 7 minute(s), 12 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 4
Infizierte Dateien: 22

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\jkkKdcAr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bmsark.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6928c803-aa5d-4b3a-9943-3c3f784a02bd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtulibxr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6928c803-aa5d-4b3a-9943-3c3f784a02bd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a897c32-37f8-4d8d-9b9f-9107cf9cb063} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a897c32-37f8-4d8d-9b9f-9107cf9cb063} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca6885c4-fdfc-4fa6-b36a-29439a78f1d0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ca6885c4-fdfc-4fa6-b36a-29439a78f1d0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{80e1ce95-4e44-4748-b20a-a62b2a45cd2f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dc6b6a04-a98b-4bbd-a39a-2658c227d664} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3a66f6c-38b1-47f6-9297-c01569b223cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.bksp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkkdcar -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkdcar -> Delete on reboot.

Infizierte Verzeichnisse:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Programme\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\vtUlIbXR.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bmsark.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jkkKdcAr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rAcdKkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rAcdKkkj.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aoxxlpuy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuplxxoa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cspxioyr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ryoixpsc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{127A713A-2939-48BC-A205-B8A82267A839}\RP570\A0214355.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{127A713A-2939-48BC-A205-B8A82267A839}\RP570\A0214350.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{127A713A-2939-48BC-A205-B8A82267A839}\RP570\A0214351.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\etfl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pllwyrmh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcigjcdt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hsiuyp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Programme\Registry Defender Platinum\backup\18.09.2008.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mqgldfvo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\vmgspntbgns.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------
Ad-Aware SE Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Deutsch
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
ATI - Dienstprogramm zur Deinstallation der Software
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
ATI Multimedia Center 7.7.0.0
AVG Anti-Spyware 7.5
AVIVO Codecs
CCleaner (remove only)
CleanUp!
DATA BECKER Visitenkarten Druckerei 2002
GdiplusUpgrade
Google Earth
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Driver Diagnostics
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Print Diagnostic Utility
HP Solution Center 7.0
HP Update
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Language pack for Ad-Aware SE
LightScribe System Software 1.10.16.1
Malediven Screen Saver
Malwarebytes' Anti-Malware
MapSource
MapSource - City Navigator Europe v7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 7 Essentials
Nero 7 Essentials
neroxml
Norman Virus Control
OCR Software by I.R.I.S 7.0
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Philips Digital Audio Player
Picasa 2
PowerDVD
Realtek AC'97 Audio
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung Samples Installer
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Media Player 10 (KB911565)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953839)
SonicStage 3.4
Spybot - Search & Destroy
TuneUp Utilities 2008
TweakAll 3.0
TweakPower
TwixTel
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Windows Genuine Advantage v1.3.0254.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XnView 1.82.4
---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33, on 18.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\DOKUME~1\Marcel\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ch.msn.com/default.aspx?dc=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127892565295
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173495498609
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O20 - AppInit_DLLs: bmsark.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7776 bytes
---------------------------------------------------------------------------
ComboFix 08-09-16.05 - Marcel 2008-09-18 13:21:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.225 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Marcel\Desktop\Spyware entfernen\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NSESVC
-------\Service_nsesvc


((((((((((((((((((((((( Dateien erstellt von 2008-08-18 bis 2008-09-18 ))))))))))))))))))))))))))))))
.

2023-04-03 15:06 . 2023-04-03 15:06 135,168 --a--c--- C:\WINDOWS\system32\vbSendMail.dll
2008-09-18 12:04 . 2008-09-18 12:04 <DIR> d----c--- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Malwarebytes
2008-09-18 12:03 . 2008-09-18 12:04 <DIR> d----c--- C:\Programme\Malwarebytes' Anti-Malware
2008-09-18 12:03 . 2008-09-18 12:03 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-09-18 12:03 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-18 12:03 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-18 11:50 . 2008-09-18 11:50 <DIR> d----c--- C:\Programme\CCleaner
2008-09-18 03:37 . 2008-09-18 03:37 140 --a--c--- C:\WINDOWS\wininit.ini
2008-09-18 02:18 . 2008-09-18 02:22 <DIR> d----c--- C:\Programme\Spybot - Search & Destroy
2008-09-18 02:18 . 2008-09-18 11:53 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-09-18 01:01 . 2008-09-18 01:01 <DIR> d----c--- C:\Programme\Codeforge
2008-09-18 00:46 . 2008-09-18 01:18 <DIR> d----c--- C:\Programme\TweakPower
2008-09-18 00:23 . 2008-09-18 00:57 <DIR> d----c--- C:\Programme\TuneUp Utilities 2008
2008-09-18 00:19 . 2008-09-18 00:19 <DIR> d----c--- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-09-17 23:28 . 2008-09-17 23:28 <DIR> d----c--- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\TmpRecentIcons
2008-08-25 09:34 . 2008-08-25 09:34 <DIR> d----c--- C:\WINDOWS\system32\de
2008-08-25 09:34 . 2008-08-25 09:34 <DIR> d----c--- C:\WINDOWS\l2schemas
2008-08-23 13:13 . 2008-04-14 04:22 651,264 -----c--- C:\WINDOWS\system32\dot3ui.dll
2008-08-23 13:12 . 2008-04-14 04:22 136,192 -----c--- C:\WINDOWS\system32\aaclient.dll
2008-08-23 00:47 . 2008-08-23 00:47 1,147,293 --a--c--- C:\WINDOWS\Meguiars.exe
2008-08-23 00:47 . 2008-08-23 00:47 463,348 --a--c--- C:\WINDOWS\Meguiars.scr
2008-08-23 00:47 . 2008-08-23 00:47 40,960 --a--c--- C:\WINDOWS\Meguiars.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 09:53 --------- dc----w C:\Programme\ewido anti-malware
2008-09-17 23:18 --------- dc----w C:\Programme\CleanUp!
2008-09-14 21:40 --------- dc----w C:\Programme\TWIXTEL
2008-09-02 10:48 19,512 -c--a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-08-17 14:59 --------- dc----w C:\Programme\Electronic Arts
2008-07-29 21:13 --------- dc----w C:\Programme\Picasa2
2008-07-29 20:57 --------- dc----w C:\Programme\Google
2008-07-20 10:06 --------- dc----w C:\Dokumente und Einstellungen\Isabelle\Anwendungsdaten\HP
2008-07-19 01:03 --------- dc----w C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\TuneUp Software
2008-07-19 01:02 --------- dc----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2005-12-17 18:43 20,528 -c--a-w C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=bmsark.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= ATIYUV12.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Programme\\Skype\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Programme\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Dokumente und Einstellungen\\Marcel\\Desktop\\eMule\\eMule\\emule.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys [2003-11-21 29156]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2008-04-29 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]
S2 MCGEIYSJ;MCGEIYSJ;C:\WINDOWS\system32\mcgeiysj.nyo [ ]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 13824]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-{F63CB648-B3AB-4001-A96B-324CE8B2F52C} - C:\WINDOWS\fqbewlna.dll
HKCU-Run-NBJ - C:\Programme\Ahead\Nero BackItUp\NBJ.exe
HKCU-Run-updateMgr - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-ATI Launchpad - (no file)
HKLM-Run-Norman ZANDA - C:\Norman\bin\ZLH.EXE
HKLM-Run-NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe
HKLM-Run-Adobe Photo Downloader - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
ShellExecuteHooks-{6928C803-AA5D-4B3A-9943-3C3F784A02BD} - (no file)


.
------- Zusätzlicher Suchlauf -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
O8 -: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 13:28:53
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MCGEIYSJ]
"ImagePath"="\??\C:\WINDOWS\system32\mcgeiysj.nyo"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Weitere laufende Prozesse ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Norman\npm\bin\elogsvc.exe
C:\Norman\npm\bin\Zanda.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Norman\npm\bin\Njeeves.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-09-18 13:39:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-09-18 11:39:45

Vor Suchlauf: 21 Verzeichnis(se), 100,559,917,056 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 100,659,376,128 Bytes frei

171 --- E O F --- 2008-09-10 11:01:39
---------------------------------------------------------------------------
.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74C4-08AE

Verzeichnis von C:\WINDOWS\system32

03.04.2023 15:06 135'168 vbSendMail.dll
18.09.2008 20:29 13'002 wpa.dbl
18.09.2008 11:29 0 7fe7cc7f-.txt
26.08.2008 22:28 16'208'504 MRT.exe
25.08.2008 11:42 412'444 perfh009.dat
25.08.2008 11:42 65'332 perfc009.dat
25.08.2008 11:42 428'966 perfh007.dat
25.08.2008 11:42 79'062 perfc007.dat
25.08.2008 11:42 998'832 PerfStringBackup.INI
25.08.2008 11:39 90 spupdwxp.log
25.08.2008 11:38 440'536 FNTCACHE.DAT
14.08.2008 12:21 599'634 TZLog.log
18.07.2008 22:10 94'920 cdm.dll
18.07.2008 22:10 53'448 wuauclt.exe
18.07.2008 22:10 45'768 wups2.dll
18.07.2008 22:10 36'552 wups.dll
18.07.2008 22:10 33'992 wucltui.dll.mui
18.07.2008 22:09 29'896 wuaucpl.cpl.mui
18.07.2008 22:09 29'896 wuapi.dll.mui
18.07.2008 22:09 325'832 wucltui.dll
18.07.2008 22:09 215'752 wuaucpl.cpl
18.07.2008 22:09 205'000 wuweb.dll
18.07.2008 22:09 563'912 wuapi.dll
18.07.2008 22:09 1'811'656 wuaueng.dll
18.07.2008 22:08 21'192 wuaueng.dll.mui
18.07.2008 22:07 270'880 mucltui.dll
18.07.2008 22:07 29'728 mucltui.dll.mui
18.07.2008 22:07 210'976 muweb.dll
07.07.2008 22:26 253'952 es.dll
24.06.2008 18:42 74'240 mscms.dll
24.06.2008 18:12 295'936 wmpeffects.dll
24.06.2008 10:14 3'592'192 mshtml.dll
23.06.2008 18:14 826'368 wininet.dll
23.06.2008 18:14 477'696 mshtmled.dll
23.06.2008 18:14 102'912 occache.dll
23.06.2008 18:14 671'232 mstime.dll
23.06.2008 18:14 105'984 url.dll
23.06.2008 18:14 1'159'680 urlmon.dll
23.06.2008 18:14 44'544 pngfilt.dll
23.06.2008 18:14 193'024 msrating.dll
23.06.2008 18:14 233'472 webcheck.dll
23.06.2008 18:14 459'264 msfeeds.dll
23.06.2008 18:14 1'831'424 inetcpl.cpl
23.06.2008 18:14 52'224 msfeedsbs.dll
23.06.2008 18:14 267'776 iertutil.dll
23.06.2008 18:14 27'648 jsproxy.dll
23.06.2008 18:14 44'544 iernonce.dll
23.06.2008 18:14 6'066'176 ieframe.dll
23.06.2008 18:14 214'528 dxtrans.dll
23.06.2008 18:14 63'488 icardie.dll
23.06.2008 18:14 230'400 ieaksie.dll
23.06.2008 18:14 153'088 ieakeng.dll
23.06.2008 18:14 133'120 extmgr.dll
23.06.2008 18:14 384'512 iedkcs32.dll
23.06.2008 18:14 383'488 ieapfltr.dll
23.06.2008 18:14 347'136 dxtmsft.dll
23.06.2008 18:14 124'928 advpack.dll
23.06.2008 11:20 13'824 ieudinit.exe
23.06.2008 11:20 70'656 ie4uinit.exe
21.06.2008 07:23 161'792 ieakui.dll
20.06.2008 19:46 147'968 dnsapi.dll
20.06.2008 19:46 247'296 mswsock.dll

Hoffentlich seht Ihr das gleich wie ich und könnt mir sagen, dass alles weg ist.

Vielen Dank schon mal im Voraus.

Gruss Marcel

#4 Tag,Marcel
Entferne Hijack This

Download: Trend Micro Hijack This™
Doppelklick HJTInstall.exe und installiere das Tool in C:\Programme\Trend Micro\Hijack This
Am Ende steht auf dein Desktop eine verknüpfung

Starte Hijack This und klicke “Do a system scan and safe a logfile”
Save log --> hijackthis.log - Save - es öffnet sich der Editor
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
Windows Vista rechtsklick auf HijackThis.exe waehle "Run as Administrator".

Dein HJ steht in eine Temp datei
__________
MfG Argus

#5 Hallo Arnold,ich hab jetzt das gemacht was du mir geschrieben hast und dies ist das Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00, on 21.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.partyguide.ch/main.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127892565295
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173495498609
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O20 - AppInit_DLLs: bmsark.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7805 bytes

Besten Dank im Voraus für eure Rückmeldung.

Gruss Marcel

#6 Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei

Zitat

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - AppInit_DLLs: bmsark.dll

klicke: Fix checked
Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fix.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an.
Du solltest jetzt auf dem Desktop diese Datei finden.

Zitat

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\Windows\System32\bmsark.dll
) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Doppelklick fix.bat und poste das log was erscheint

Update MBAM und scanne und lass alles entfernen was gefunden wird
Rechner neu starten

Und ein log von Hijack This
__________
MfG Argus

#7 Hallo Arnold,

zu Beginn möchte ich Dir vielmal danke sagen für Deine Hilfe.

Also das hier stand im Log:

Deleting files
C:\Windows\System32\bmsark.dll not found

Mbam hat keine Dateien gefunden welche gelöscht werden.

und das, ist das Logfile von Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03, on 22.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.partyguide.ch/main.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127892565295
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173495498609
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7390 bytes

Gruss Marcel

#8 Im log ist auch nichts mehr zu erkennen

Ueber AVG folgendes
http://free.avg.com/ww.download-avg-anti-spyware-and-anti-rootkit
__________
MfG Argus

#9 das heisst ich bin virus frei?

also nicht ich sondern der pc?

#10 Systemwiederherstellung
Info:
http://virus-protect.org/systemwiederherstellung.html
Arbeitsplatz --> Rechtsklick, dann auf Eigenschaften --> Reiter Systemwiederherstellung -->
Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. - dann wieder aktivieren

Java
Dein Java software ist veraltet,
Download Java Runtime Environment (JRE) 6u7 zum Desktop

Entferne ueber "Start -> Einstellungen -> Systemsteuerung -> Software
Die aeltere Versionen von Java Runtime Environment (JRE of J2SE)
Nachdem alles entfernt wurde --->Rechner neu starten
Schliesse alle Programme auch dein Webbrowser
Installiere jetzt vom Desktop aus ---> jre-6u7-windows-i586-p.exe

Happy Surfing
__________
MfG Argus

#11 kann ich auch die Java(TM) 6 Updates deinstallieren und das selbe mit Java(TM) SE Runtime Environment 6 Update machen?

#12 Hier gibt es alle downloads fuer Java http://java.sun.com/javase/downloads/index.jsp
__________
MfG Argus