Internet Explorer opens by itself with ads !!!

#0
07.11.2008, 12:13
...new here

Posts: 2
#1 Hello,

I urgently need help...

I have Windows Vista and, like the others, Windows Explorer opens by itself every 3 - 4 minutes with ads....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:40, on 07.11.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Cherry\KeyMan\KeyMan.exe
C:\Program Files\Office 2007\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\aol\1212739155\ee\aolsoftware.exe
C:\Program Files\Napster\napster.exe
C:\Windows\keylogbyme.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Eurozeichen\euroat.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Users\Jürgen\AppData\Local\zlfbl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~1\IEBUTT~2.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~1\IEBUTT~1.DLL
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~1\IEBUTT~3.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212739155\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Patience] "Patience" = "%Windir%\Patience.exe"
O4 - HKLM\..\Run: [keylogbyme] "keylogbyme" = "%Windir%\keylogbyme.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [euroat.exe] C:\Program Files\Eurozeichen\euroat.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [zlfbl] "c:\users\jürgen\appdata\local\zlfbl.exe" zlfbl
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: WISO Bewerbung-Reminder.lnk = C:\Program Files\Bewerbung 2008\KCReminder.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing)
O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.de/SnapfishActivia.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F85B1E6-AA72-402B-B484-BFA2877643E5}: NameServer = 213.191.74.19 62.109.123.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\cdi.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 14200 bytes
07.11.2008, 14:42
Moderator

Posts: 5694
#2 Well, the file names do sound like a keylogger....

>>
Have the following files checked at www.virustotal.com/de and post the result:

C:\Windows\keylogbyme.exe
C:\Users\Jürgen\AppData\Local\zlfbl.exe

>>
Close all windows and start Hijack This
Click: Do a system scan only
Put a check mark in the box in front of the following entries (if they are still present):

Quote

R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
O4 - HKLM\..\Run: [Patience] "Patience" = "%Windir%\Patience.exe"
O4 - HKLM\..\Run: [keylogbyme] "keylogbyme" = "%Windir%\keylogbyme.exe"
and choose Fix checked.

Restart the computer.

>>
Scan with Malwarebytes, have it delete what it finds, and post the log:
(Don't forget to update before running it)
http://virus-protect.org/artikel/tools/malwarebytes.html

>>
Run ComboFix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html

Regards, Swiss
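A small triage script for the O4 Run-key lines of a HijackThis log, added here as an example; it is not part of the thread and not HijackThis code. The heuristics (autostart directly from the Windows directory or a per-user AppData folder, an unqualified file name, value data written as "name" = "path") and the %Windir%/%ProgramFiles% defaults are assumptions, and the sample lines are copied from the log posted above.

```python
"""Triage the O4 (Run-key autostart) lines of a HijackThis log.

Added example, not part of the forum thread and not HijackThis code.
The heuristics are assumptions a responder would apply before sending a
file to VirusTotal: an autostart that lives directly in C:\\Windows or in a
per-user AppData folder, an unqualified file name, or value data written as
"name" = "path" instead of a plain command line all deserve a closer look.
"""
import ntpath
import re
from dataclasses import dataclass

# Matches lines such as:  O4 - HKLM\..\Run: [avgnt] "C:\...\avgnt.exe" /min
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
# First executable in the command line: drive path, %VAR% path, or bare name
EXE_RE = re.compile(r'((?:[A-Za-z]:|%\w+%)\\[^"]*?\.exe|[\w.-]+\.exe)', re.IGNORECASE)
# Value data of the form  "name" = "path"  (the form used by the keylogger entries)
ODD_FORMAT_RE = re.compile(r'^"[^"]+"\s*=\s*"')
# Assumed defaults for the environment variables HijackThis leaves unexpanded
ENV = {'windir': r'C:\Windows', 'systemroot': r'C:\Windows', 'programfiles': r'C:\Program Files'}


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list


def expand_env(path):
    """Replace %Windir%-style variables with their assumed default values."""
    return re.sub(r'%(\w+)%', lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)


def assess(cmd):
    """Return (executable path, list of reasons) for one O4 command line."""
    reasons = []
    m = EXE_RE.search(cmd)
    if not m:
        return cmd, ['no executable recognised in value data']
    path = expand_env(m.group(1))
    lower = path.lower()
    if '\\' not in path:
        reasons.append('unqualified file name, resolved through the search path')
    elif ntpath.dirname(lower) == r'c:\windows':
        reasons.append('autostarts directly from the Windows directory')
    if '\\appdata\\local\\' in lower or '\\appdata\\roaming\\' in lower:
        reasons.append('autostarts from a per-user AppData folder')
    if ODD_FORMAT_RE.match(cmd):
        reasons.append('value data written as "name" = "path"')
    return path, reasons


def flag_suspicious(log_text):
    """Parse every O4 Run-key line and keep those with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:  # other O4 forms (Startup folders) are not Run keys
            continue
        path, reasons = assess(m.group('cmd'))
        if reasons:
            findings.append(Finding(m.group('hive'), m.group('name'), path, reasons))
    return findings


def flagged_names(log_text):
    """Names of the Run values that received at least one reason."""
    return {f.name for f in flag_suspicious(log_text)}


# Constructed sample: O4 lines copied from the HijackThis log posted above
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Patience] "Patience" = "%Windir%\Patience.exe"
O4 - HKLM\..\Run: [keylogbyme] "keylogbyme" = "%Windir%\keylogbyme.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [zlfbl] "c:\users\jürgen\appdata\local\zlfbl.exe" zlfbl
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
"""

if __name__ == '__main__':
    for f in flag_suspicious(SAMPLE_LOG):
        print(f'{f.hive:<14} [{f.name}] {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

On the sample above it flags Patience, keylogbyme and zlfbl (the three entries the moderator singled out) plus CTHelper for its unqualified file name, while the Avira, Defender and Sidebar entries pass.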
07.11.2008, 15:52
...new here

Thread starter

Posts: 2
#3 Unfortunately it took a very long time for the drives to be scanned, but now I have done everything as instructed...

Here are the next logs...

Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1371
Windows 6.0.6000

07.11.2008 18:19:52
mbam-log-2008-11-07 (18-19-52).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 238186
Laufzeit: 2 hour(s), 11 minute(s), 12 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Keygen NEW.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Nero\AutoPlay\Docs\nero_keygen.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\keylogbyme.exe (Trojan.TinyKeylogger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer (Rogue.WebMediaPlayer) -> Delete on reboot.

---------------------------------------------------------------------------

ComboFix 08-11-06.01 - Jürgen 2008-11-07 18:39:56.1 - NTFSx86
ausgeführt von:: C:\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Datenschutzrichtlinien.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Geschäftsbedingungen.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\users\Jürgen\AppData\Local\zlfbl.dat
c:\users\Jürgen\AppData\Local\zlfbl.exe
c:\users\Jürgen\AppData\Local\zlfbl_nav.dat
c:\users\Jürgen\AppData\Local\zlfbl_navps.dat
c:\users\Jürgen\AppData\Roaming\inst.exe
c:\windows\system32\BReWErS.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-10-07 bis 2008-11-07 ))))))))))))))))))))))))))))))
.

2008-11-07 18:37 . 2008-11-07 18:37 3,043,965 -ra------ C:\ComboFix.exe
2008-11-07 16:06 . 2008-11-07 16:06 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\Malwarebytes
2008-11-07 16:06 . 2008-11-07 16:06 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-07 16:06 . 2008-11-07 16:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-07 16:06 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-07 16:06 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-07 16:05 . 2008-11-07 16:05 2,372,472 --a------ C:\mbam-setup.exe
2008-11-07 12:50 . 2008-11-07 12:52 <DIR> d-------- C:\Nero
2008-11-07 10:27 . 2008-11-07 11:29 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-07 10:27 . 2008-11-07 10:40 <DIR> d-------- c:\program files\Spybot
2008-11-07 10:24 . 2008-11-07 10:24 15,083,520 --a------ C:\spybotsd160.exe
2008-11-07 10:09 . 2008-11-07 10:09 <DIR> d-------- c:\program files\Trend Micro
2008-11-07 10:09 . 2008-11-07 10:09 812,344 --a------ C:\HJTInstall.exe
2008-11-07 09:46 . 2008-11-07 09:46 18,944 --a------ c:\windows\stsvc.dll
2008-11-05 16:44 . 2008-11-05 16:44 17,657 --a------ C:\M261714.pdf
2008-11-04 18:29 . 2008-11-04 18:29 <DIR> d-------- c:\programdata\wmp
2008-11-04 14:12 . 2008-11-04 14:12 259,896 --a------ C:\Beratungsprotokoll.pdf
2008-11-04 14:10 . 2008-11-04 14:10 10,120 --a------ C:\kuendigung.pdf
2008-11-04 14:09 . 2008-11-04 14:09 236,241 --a------ C:\Huk24 Informationsblatt.pdf
2008-11-04 14:09 . 2008-11-04 14:09 9,785 --a------ C:\Huk24 KFZ-Vereinbarung.pdf
2008-11-04 13:41 . 2008-11-04 13:41 259,896 --a------ C:\Huk24.pdf
2008-11-04 10:22 . 2008-11-04 10:22 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-03 22:55 . 2008-11-02 17:05 5,380,179 --a------ C:\09 - Bushido feat. Karel Gott - Für Immer Jung.mp3
2008-11-03 13:23 . 2008-11-03 13:22 31,532 --a------ C:\36c5_1.jpg
2008-11-03 11:25 . 2008-11-03 11:25 9,091,259 --a------ C:\dhl_versandhelfer.zip
2008-11-02 15:59 . 2008-11-02 15:59 <DIR> d-------- c:\windows\uninstall\PC-Spielautomaten
2008-11-02 15:59 . 2008-11-02 15:59 <DIR> d-------- c:\windows\uninstall
2008-11-01 21:18 . 2008-11-01 21:18 <DIR> dr-h----- c:\users\Jürgen\AppData\Roaming\SecuROM
2008-11-01 21:18 . 2008-11-01 21:18 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2008-11-01 21:12 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll
2008-10-31 14:13 . 2008-11-05 18:04 <DIR> d-------- c:\program files\Preispiraten6
2008-10-31 14:03 . 2008-10-31 14:03 9,307,400 --a------ C:\preispiraten6installer_complete.exe
2008-10-24 20:14 . 2008-10-24 20:14 26,088,381 --a------ C:\Bon Jovi You Give Love A Bad Name.wmv
2008-10-24 20:07 . 2008-10-24 20:08 27,013,247 --a------ C:\runaway bon jovi.wmv
2008-10-24 20:03 . 2008-10-24 20:04 28,981,325 --a------ C:\bon jovilivin on a prayer.wmv
2008-10-24 19:49 . 2008-10-24 19:50 40,834,755 --a------ C:\Manowar Warriors Of The World Unite AMV By PsYh0.wmv
2008-10-24 19:36 . 2008-10-24 19:37 24,398,931 --a------ C:\Lulu Lewe Crush on you High Quality Video.wmv
2008-10-24 11:25 . 2008-10-24 11:25 15,192,075 --a------ C:\Azad Alles Lügen.wmv
2008-10-24 10:56 . 2008-10-24 10:57 19,169,621 --a------ C:\Schnuffel Häschenparty.wmv
2008-10-24 10:50 . 2008-10-24 10:51 19,221,355 --a------ C:\Duffy Warwick Avenue Official Video.wmv
2008-10-24 10:47 . 2008-10-24 10:48 18,795,377 --a------ C:\Maria Mena All This Time PickMeUp Song.wmv
2008-10-24 10:43 . 2008-10-24 10:44 26,049,957 --a------ C:\Scooter vs Status Quo Jump That Rock Whatever You Want HQ.wmv
2008-10-24 10:38 . 2008-10-24 10:38 15,678,817 --a------ C:\Rosenstolz Gib mir Sonne.wmv
2008-10-24 10:36 . 2008-10-24 10:36 14,328,531 --a------ C:\Sido Herz Official Video HQ aggro tv.wmv
2008-10-24 10:33 . 2008-10-24 10:34 30,549,469 --a------ C:\Silbermond Das Beste.wmv
2008-10-24 10:31 . 2008-10-24 10:31 18,718,997 --a------ C:\IchIch STARK.wmv
2008-10-24 10:27 . 2008-10-24 10:28 26,369,993 --a------ C:\Ich amp Ich So soll es bleiben.wmv
2008-10-24 10:22 . 2008-10-24 10:22 21,019,335 --a------ C:\September Cry For You OFFICIAL UK Video DOWNLOAD NOW.wmv
2008-10-24 10:17 . 2008-10-24 10:18 23,070,637 --a------ C:\Sarah Connor Under My Skin.wmv
2008-10-24 10:13 . 2008-10-24 10:13 22,392,195 --a------ C:\Katy Perry I Kissed A Girl Official Music Video.wmv
2008-10-24 10:10 . 2008-10-24 10:11 25,150,745 --a------ C:\Pink So What Official Music Video HQ.wmv
2008-10-24 10:08 . 2008-10-24 10:08 19,361,759 --a------ C:\Amy Macdonald This Is The Life Official Music Video.wmv
2008-10-24 09:55 . 2008-10-24 09:55 24,475,815 --a------ C:\Rihanna Disturbia.wmv
2008-10-24 09:49 . 2008-10-24 09:50 24,203,497 --a------ C:\Gabriella Cilmi Sweet About Me.wmv
2008-10-24 09:42 . 2008-10-24 09:43 <DIR> d-------- c:\program files\ClipGrab
2008-10-23 19:16 . 2008-10-23 19:16 <DIR> d-------- c:\program files\VistaCodecPack
2008-10-23 19:15 . 2008-10-23 19:15 <DIR> d-------- c:\programdata\VistaCodecs
2008-10-22 16:18 . 2008-10-22 16:18 <DIR> d-------- c:\program files\JoWooD
2008-10-22 15:36 . 2008-10-22 15:44 <DIR> d-------- c:\program files\AnyDVD
2008-10-22 15:34 . 2008-10-22 15:42 <DIR> d-------- c:\program files\CloneDVD2
2008-10-22 15:32 . 2008-11-06 11:51 <DIR> d-------- c:\program files\DVDFab 5
2008-10-21 15:28 . 2008-10-21 15:28 112,320 --a------ c:\windows\connect.exe
2008-10-21 14:34 . 2008-03-05 14:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2008-10-21 14:34 . 2007-07-19 17:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
2008-10-21 11:48 . 2003-01-26 12:41 40,960 --a------ c:\windows\System32\ssubtmr6.dll
2008-10-21 11:48 . 2007-08-31 17:36 36,864 --a------ c:\windows\System32\trayicon_handler.ocx
2008-10-16 13:18 . 2008-10-16 13:18 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\Video DVD Maker FREE
2008-10-15 21:25 . 2008-10-29 23:00 1,980,416 --a------ C:\Fallenbrunnen Seite 2.pub
2008-10-15 21:12 . 2008-10-15 21:12 99,904 --a------ c:\windows\System32\drivers\AnyDVD.sys
2008-10-09 17:11 . 2008-10-09 17:11 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 17:11 . 2008-10-09 17:11 <DIR> d-------- c:\program files\iTunes
2008-10-09 17:11 . 2008-10-09 17:11 <DIR> d-------- c:\program files\iPod
2008-10-08 20:43 . 2008-10-08 20:43 4,184,203 --a------ C:\Haubenlift_Mazda_MX5.pdf

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 17:44 6,029,312 ----a-w c:\users\Jürgen\ntuser.dat
2008-11-07 17:44 6,029,312 ----a-w c:\users\Jürgen\ntuser.dat
2008-11-07 15:06 --------- d-----w c:\users\Jürgen\AppData\Roaming\Malwarebytes
2008-11-07 12:15 --------- d-----w c:\users\Jürgen\AppData\Roaming\uTorrent
2008-11-07 09:31 --------- d-----w c:\program files\Common Files\Adobe
2008-11-06 22:33 --------- d-----w c:\users\Jürgen\AppData\Roaming\temp
2008-11-06 11:12 --------- d-----w c:\programdata\DVD Shrink
2008-11-06 10:35 --------- d-----w c:\users\Jürgen\AppData\Roaming\Vso
2008-11-04 09:22 --------- d-----w c:\programdata\Installations
2008-11-04 09:22 --------- d-----w c:\program files\Nokia
2008-11-04 09:22 --------- d-----w c:\program files\Common Files\Nokia
2008-11-01 20:18 --------- d--h--r c:\users\Jürgen\AppData\Roaming\SecuROM
2008-10-31 13:14 --------- d-----w c:\users\Jürgen\AppData\Roaming\metaspinner net GmbH
2008-10-23 08:28 --------- d-----w c:\program files\Napster
2008-10-22 14:45 --------- d-----w c:\programdata\SlySoft
2008-10-21 17:40 --------- d-----w c:\program files\D-Info 2008
2008-10-21 13:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-16 12:18 --------- d-----w c:\users\Jürgen\AppData\Roaming\Video DVD Maker FREE
2008-10-16 11:38 --------- d-----w c:\program files\DVD Ripper Platinum 5
2008-10-13 17:13 --------- d-----w c:\program files\Movie Store 4
2008-10-13 10:23 --------- d-----w c:\users\Jürgen\AppData\Roaming\Tunebite
2008-10-13 07:44 --------- d-----w c:\program files\Common Files\aol
2008-10-09 16:11 --------- d-----w c:\programdata\Apple Computer
2008-10-06 17:30 --------- d-----w c:\programdata\NVIDIA
2008-10-06 17:19 --------- d-----w c:\program files\Microsoft Games
2008-10-05 13:20 5,352,963 ----a-w C:\WVDSetup.exe
2008-09-29 14:39 --------- d-----w c:\program files\D-Info Rückwärts 2008
2008-09-29 14:37 --------- d-----w c:\program files\Rawdump2.1
2008-09-25 17:16 --------- d-----w c:\users\Jürgen\AppData\Roaming\Roxio
2008-09-24 08:11 --------- d-----w c:\program files\ICQ6
2008-09-22 18:05 285,184 ----a-w c:\windows\Patience.exe
2008-09-22 18:05 --------- d-----w c:\users\Jürgen\AppData\Roaming\Secret Systems
2008-09-22 18:05 --------- d-----w c:\users\Jürgen\AppData\Roaming\Mozilla
2008-09-22 16:48 3,390,851 ----a-w C:\UpdateStar23_Web_GER.zip
2008-09-18 14:07 7,914,252 ----a-w C:\pm2009_setup.exe
2008-09-17 17:00 --------- d-----w c:\programdata\STAMPIT
2008-09-16 16:28 --------- d-----w c:\programdata\Napster
2008-09-16 16:14 --------- d-----w c:\program files\Common Files\Napster Shared
2008-09-12 12:54 --------- d-----w c:\users\Jürgen\AppData\Roaming\Snapfish
2008-09-10 17:27 --------- d-----w c:\program files\Bonjour
2008-09-10 17:26 --------- d-----w c:\program files\QuickTime
2008-09-10 17:26 --------- d-----w c:\program files\Common Files\Apple
2008-09-09 09:32 --------- d-----w c:\program files\Turbo Lister2
2008-09-07 12:36 1,399,242 ----a-w C:\Starterpack.zip
2008-09-07 11:00 --------- d-----w c:\users\Jürgen\AppData\Roaming\KlebezettelNG
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-28 08:50 30,720 ----a-w c:\windows\System32\soundschemes2.exe
2008-08-26 19:05 17,790 ----a-w C:\reiseliste.zip
2008-08-25 17:18 361,216 ----a-w c:\windows\System32\TuneUpDefragService.exe
2008-08-25 14:36 319,291 ----a-w C:\ksvr2final.exe
2008-08-24 17:49 16,844,629 ----a-w C:\FFSetup145.zip
2008-08-23 09:13 6,289,190 ----a-w C:\clipgrab-2.0-beta2.exe
2008-08-19 15:49 3,845,920 ----a-w C:\mmgrex_setup_0_9_3_0u.zip
2008-08-17 10:33 678,408 ----a-w c:\windows\System32\gpprefcl.dll
2008-08-09 06:30 1,007,616 ----a-w c:\windows\System32\VSFilter.dll
2008-07-19 11:48 22,328 ----a-w c:\users\Jürgen\AppData\Roaming\PnkBstrK.sys
2008-07-09 17:32 174 --sha-w c:\program files\desktop.ini
2008-03-23 20:19 94,208 ----a-w c:\users\Jürgen\AppData\Roaming\ezplay.sys
2008-03-21 11:01 47,360 ----a-w c:\users\Jürgen\AppData\Roaming\pcouffin.sys
2007-04-11 11:12 2,279,464 ----a-w c:\program files\PcSetup.exe
2008-04-04 12:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040420080405\index.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-20 1232896]
"euroat.exe"="c:\program files\Eurozeichen\euroat.exe" [2001-11-28 170496]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"AlcoholAutomount"="c:\program files\Alcohol 120\axcmd.exe" [2008-03-12 4608]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-12-17 3810544]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
"AnyDVD"="c:\program files\AnyDVD\AnyDVDtray.exe" [2008-10-22 2223040]
"AOL Fast Start"="c:\program files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CherryKeyMan"="c:\program files\Cherry\KeyMan\KeyMan.exe" [2007-11-28 237620]
"GrooveMonitor"="c:\program files\Office 2007\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"CloneCDTray"="c:\program files\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"HostManager"="c:\program files\Common Files\AOL\1212739155\ee\AOLSoftware.exe" [2006-09-26 50736]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-12 323216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"CTHelper"="CTHELPER.EXE" [2008-02-20 c:\windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 c:\windows\System32\CTXFIHLP.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\users\Jrgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Bewerbung-Reminder.lnk - c:\program files\Bewerbung 2008\KCReminder.exe [2007-11-29 1236480]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-24 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2357750999-1669424538-2167796974-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{569F23AE-FAF6-42D2-A613-1A203298512D}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Optimized Dial-In
"{7476FFFA-9DB3-4317-93AC-D54AD96BA4A6}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Optimized Dial-In
"{B3ED5159-D757-4B68-AD88-909C175616E7}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Optimized Dial-In
"{ABE70989-4C11-46FD-BE4D-169C0A888DAD}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Optimized Dial-In
"{D16A31DD-6563-4E07-82C5-7FD58ABB193C}"= UDP:c:\program files\Common Files\aol\1206045389\ee\aolsoftware.exe:AOL Shared Components
"{87CAD8C9-4FD0-4037-8651-E9D7169B53A5}"= TCP:c:\program files\Common Files\aol\1206045389\ee\aolsoftware.exe:AOL Shared Components
"{BFBC88BD-E82E-456C-8F4A-6DA1DEB21226}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{E9EC9B4E-5391-41A3-8084-E7E1AD00B46F}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{DA5C7AAE-C8CC-40A1-8F58-E9C2995E2460}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BAE9BB23-E9B2-4C8D-AEDD-7505D3D36194}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{A423B32D-06FC-4B9F-92A3-16A5CB91EAD1}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{2C2C0FD3-F8DF-419A-8313-D2538B7A809A}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B73DB6AC-9CBD-444F-9F7D-C0D11514CCA9}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{1F254EE0-6F08-47D5-A47A-AA652CE25B39}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"TCP Query User{5FBADCBD-0B4A-4A8A-BCF1-7B384DAC4E85}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{EA495FF9-48E8-43CB-955F-0018FE6ED984}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{AF15983A-9E74-4916-8CDD-19178000A041}c:\\users\\jürgen\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{8C4D300B-921B-4144-968C-785958C7FF87}c:\\users\\jürgen\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{A00F4527-EB4F-451D-8503-AB21C1DD64E4}c:\\program files\\nero\\nero 7\\core\\nero.exe"= UDP:c:\program files\nero\nero 7\core\nero.exe:Nero Express
"UDP Query User{7AE2F6C4-298B-4415-BECA-E2266F177BCD}c:\\program files\\nero\\nero 7\\core\\nero.exe"= TCP:c:\program files\nero\nero 7\core\nero.exe:Nero Express
"TCP Query User{52DD4076-F984-415E-932A-A39E2FAE5CE1}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
"UDP Query User{57FCC6A0-EA20-4566-BE75-46A9A2E906F8}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
"{EF9AF03D-60A2-4D9F-96BE-C7E345AFB6FB}"= UDP:c:\program files\Office 2007\Office12\GROOVE.EXE:Microsoft Office Groove
"{2216D9EB-A9AC-4ABA-894D-8F831BD6D8A6}"= TCP:c:\program files\Office 2007\Office12\GROOVE.EXE:Microsoft Office Groove
"{676B640E-C6CE-4271-8347-332464C1A1EE}"= UDP:c:\program files\Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A63D5146-5CBD-473D-A76C-886B558CD003}"= TCP:c:\program files\Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{8409A09C-AC15-472B-8A44-8469F9C95DF0}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{6165AA3E-89C7-4A98-B724-05B41C70EDF5}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{8B6FA9D9-E48E-4BB4-A321-B3CDFCD4E5AC}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F755E126-C4AA-451A-9DC9-C8676F4E170E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{A412A1E2-A642-4B48-8F76-6A58B1D23700}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3E06562D-1F83-4735-A854-A8244CA037A9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1C78E7D9-00BB-47EB-B9EC-888CDA093899}"= UDP:c:\program files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{6B5F3A23-0FA7-47D7-AAE8-8AF09618B6A2}"= TCP:c:\program files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{28496B9E-3F3B-4B28-850D-5BAAAD1E7F83}e:\\call of duty 1\\codmp.exe"= UDP:e:\call of duty 1\codmp.exe:CoDMP
"UDP Query User{ED6376A8-677F-4710-BEAD-320DAFE8BD40}e:\\call of duty 1\\codmp.exe"= TCP:e:\call of duty 1\codmp.exe:CoDMP
"TCP Query User{4A056CF2-3CCE-4E4D-B932-F8C97C09448A}e:\\call of duty 2\\cod2mp_s.exe"= UDP:e:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{3B3D1494-8B72-42BC-80BD-544FDDA3A49C}e:\\call of duty 2\\cod2mp_s.exe"= TCP:e:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{0B1AFA5E-A0EA-4C1B-A3A6-4BCB85F75DEA}"= UDP:c:\program files\Common Files\aol\1212660368\ee\aolsoftware.exe:AOL Shared Components
"{030887AF-2F99-4FA4-947A-E16292F77E43}"= TCP:c:\program files\Common Files\aol\1212660368\ee\aolsoftware.exe:AOL Shared Components
"{EF1E6B32-D571-457B-B452-68C34DDD4469}"= UDP:c:\program files\Common Files\aol\1212739155\ee\aolsoftware.exe:AOL Shared Components
"{4BAE35D2-0EBD-4C55-931D-0A77D4F7159F}"= TCP:c:\program files\Common Files\aol\1212739155\ee\aolsoftware.exe:AOL Shared Components
"{FFC76AF4-5FFB-45A1-8DAE-D451C7D395D1}"= UDP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
"{5216EBB9-A11C-4A79-BAD9-B809F2452A46}"= TCP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
"{7251D2EB-E074-4B0C-945E-92D877887EF3}"= UDP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
"{A78B9B40-33B0-4723-A54D-531ADEF022CC}"= TCP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
"{6E929A21-0523-4CAB-9C26-57F06671B0C6}"= UDP:e:\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7A9D8006-1B6E-4590-97CE-EA5A2E8DA8DD}"= TCP:e:\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{47DB9B76-F07C-4303-8950-0B6BAB9F6D5B}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{B7A4C387-7344-4751-8DDB-8F194FE54343}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{5E727A34-F032-4988-81D2-AEB80AF92D4A}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{60665A05-DFAB-464D-80B9-1D96B1B71870}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{EEC76B6D-C6BC-4362-9031-EB70CE60D994}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{EF5F207E-4093-4100-BFF0-D81DA4835C08}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{43C80720-2A52-4696-8E02-2E108CA46B25}c:\\users\\jürgen\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\jürgen\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{EB384146-6C12-444B-99E2-3041ED2CEC2A}c:\\users\\jürgen\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\jürgen\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{08045C5C-AEFC-48A4-8FD6-793E088937AB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{7DD1A706-0CB2-43EC-95A4-AB4BF5BC86D8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{C5854F9A-F10D-41BD-B396-EC8C8C5E264D}e:\\program files\\call of duty 1\\codmp.exe"= UDP:e:\program files\call of duty 1\codmp.exe:CoDMP
"UDP Query User{768F87E2-73CC-42E9-B441-FA524E74E450}e:\\program files\\call of duty 1\\codmp.exe"= TCP:e:\program files\call of duty 1\codmp.exe:CoDMP
"TCP Query User{1282C9A6-CC90-4273-969D-281C7E12F979}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{D7A51678-B12F-4155-9031-6734760C29E5}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{8F9EC661-AD28-4552-9244-ADDF15E3F4E5}c:\\program files\\klebezettel ng\\klebez.exe"= UDP:c:\program files\klebezettel ng\klebez.exe:Elektronische Haftnotizen für Windows
"UDP Query User{7D77CAF0-0E23-471A-81F7-A0F9875A9695}c:\\program files\\klebezettel ng\\klebez.exe"= TCP:c:\program files\klebezettel ng\klebez.exe:Elektronische Haftnotizen für Windows
"{001A889C-F57E-4E2F-877E-30B8E08666C1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{0BBB8954-1E2A-4B98-B949-18C0717029D1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{8288C3C8-C5E3-4092-9FBE-0FFA2BF9020D}"= UDP:c:\program files\Word Password Recovery\WordPasswordRecovery.exe:Word Password Recovery
"{BDF32922-F964-47B0-A722-9625A19EBF08}"= TCP:c:\program files\Word Password Recovery\WordPasswordRecovery.exe:Word Password Recovery
"{AE1315E3-7AF3-4AF2-9AD0-D92E2D3D9A05}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A0465488-F8BB-4F99-B621-FD80FC12720A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{EA29A5C2-9CA6-47FA-BCD5-FA388DE7D581}c:\\program files\\utorrent\\finish\\pc_soldiers.of.fortune.3 payback -.modded.-.direct.play.-toed\\sof3.exe"= UDP:c:\program files\utorrent\finish\pc_soldiers.of.fortune.3 payback -.modded.-.direct.play.-toed\sof3.exe:sof3
"UDP Query User{4989775B-06BB-449F-9825-6B37DED47FA0}c:\\program files\\utorrent\\finish\\pc_soldiers.of.fortune.3 payback -.modded.-.direct.play.-toed\\sof3.exe"= TCP:c:\program files\utorrent\finish\pc_soldiers.of.fortune.3 payback -.modded.-.direct.play.-toed\sof3.exe:sof3
"TCP Query User{A1A927A7-2FE5-4F8F-902E-93DAAD91D657}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{3098BB04-2504-494F-A992-AD9761E63DAD}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{80A27C65-92EC-431F-9A76-F716D4ACC1CD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{11B09A05-5F1D-4500-AF23-F9F55539068E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{8550C3BB-C86B-458F-8F07-D6B310B346B4}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{EA1EDFDB-7D9A-4929-BC1F-5D11C7EE8F05}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2008-04-24 110304]
R2 CTAudSvcService;Creative Audio Service;c:\program files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot\SDWinSec.exe [2008-07-07 809296]
R2 UxTuneUp;TuneUp Designerweiterung;c:\windows\System32\svchost.exe [2006-11-02 22016]
R3 Ch2kUSB;Cherry USB Treiber für CDI;c:\windows\system32\drivers\Ch2kUSB.sys [2007-08-23 112512]
R3 Cherry Device Interface;Cherry Device Interface;c:\program files\Cherry\CDI\cdi.exe [2007-09-27 585774]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-03-20 240128]
S3 Ch2kPS2;Cherry PS/2 Tastatur Treiber (CDI);c:\windows\system32\DRIVERS\Ch2kPS2.sys [2007-08-22 130816]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-05-17 79360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;c:\windows\System32\TuneUpDefragService.exe [2008-08-25 361216]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners

2008-11-07 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-01 16:22]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-zlfbl - c:\users\jürgen\appdata\local\zlfbl.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Zusätzlicher Suchlauf -------
.
R0 -: HKCU-Main,Start Page = hxxp://alice.aol.de
R0 -: HKLM-Main,Start Page = hxxp://alice.aol.de
O8 -: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 -: &Preispiratensuche nach markiertem Text - c:\\Program Files\\Preispiraten6\\preispiraten.html
O8 -: Nach Microsoft E&xel exportieren - c:\progra~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 -: {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home
O9 -: {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de
O9 -: {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home -
O9 -: {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de -
O17 -: HKLM\CCS\Interface\{5F85B1E6-AA72-402B-B484-BFA2877643E5}: NameServer = 213.191.74.11 213.191.92.82

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
c:\windows\Downloaded Program Files\sysreqlab3.dll

O16 -: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
c:\windows\Downloaded Program Files\IfolorUploader.inf
c:\windows\Downloaded Program Files\IfolorUploader.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 18:44:57
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-11-07 18:47:08
ComboFix-quarantined-files.txt 2008-11-07 17:47:04

Vor Suchlauf: 28 Verzeichnis(se), 66.123.669.504 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 66,088,628,224 Bytes frei

355 --- E O F --- 2008-10-06 17:25:27


I am dependent on your help and hope you can help me...

Many thanks!!!!

------------------------------------------------------------------------------------------------------------------------------------------------------

Hello Swiss,

So I did everything according to the instructions, exactly as you wrote to me, and I found that after a restart the advertising is gone, so everything is back to how it was before...

MANY THANKS...

You saved me from a reinstall...

THANKS, you really are the best....
This post was edited on 07.11.2008 at 21:37 by Ice-Age.
08.11.2008, 11:30
Member

Posts: 3716
#4 hello,
anyone who uses keygens simply has to expect this... in future, check files you are not sure about at VirusTotal. Use navilog according to the instructions and post both logs. Attention! Please right-click navilog.exe and run it as administrator.
http://virus-protect.org/artikel/tools/navilog.html
08.11.2008, 14:22
Moderator

Posts: 5694
#5 In addition to what Virenfinder posted, do the following as well:

>>
Remove Combofix:
Press Windows key + R
Paste in: Combofix /U - click "OK"
(or, if that does not work: delete C:\QooBox)

>>
Please download SDfix, run it in Safe Mode + post here the report that appears after the restart
http://virus-protect.org/artikel/tools/sdfix.html

>>
Work through datfindbat - from each log, post only the data for the last three months:
http://www.virus-protect.org/datfindbat.html