Google Umleitungen/Redirects bei Suchergebnissen

#16 c:\windows\system32\drivers\etc\drivers\etc
poste mir bitte den inhalt der hosts-datei

#17 127.0.0.1 localhost

#18 Download GooredFix zum Desktop
Doppelklick GooredFix.exe
Waehle 1, und Enter
Warte auf Gooredlog.txt und poste dessen Inhalt hier im Thread
__________
MfG Argus

#19 GooredFix v1.83 by jpshortstuff
Log created at 13:48 on 10/02/2009 running Option #1 (Joe)
Firefox version 3.0.6 (de)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Programme\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Programme\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Programme\Java\jre6\lib\deploy\jqs\ff"

#20 >>
Lade bitte SDfix, wende es im abgesicherten Modus an + poste hier den Report, der nach Neustart erscheint
http://virus-protect.org/artikel/tools/sdfix.html

>>
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.
--> die listen.bat doppelt klicken
--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:Windows\tasks" >>files.txt
notepad files.txt

Gruss Swiss

#21 SDfix Report


SDFix: Version 1.240
Run by Joe on 2009-02-10 at 15:40

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 15:51:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:98,24,b9,14,50,e4,0f,62,ea,b1,25,05,6b,5a,9a,d3,4e,d5,08,87,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,be,80,9d,fe,07,7c,3a,91,93,a2,c0,ef,4a,8c,89,17,..
"khjeh"=hex:8d,ad,cf,78,b8,dc,0a,92,a0,1d,3e,78,f4,8d,09,e5,61,9a,20,f3,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c7,11,d9,ac,37,b0,bb,ed,e4,46,8a,90,63,d7,79,5e,c6,e1,2e,4c,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:56,e2,bf,90,cc,6a,8f,eb,f7,61,55,ad,04,62,71,8d,59,e6,ec,7b,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:98,24,b9,14,50,e4,0f,62,ea,b1,25,05,6b,5a,9a,d3,4e,d5,08,87,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,be,80,9d,fe,07,7c,3a,91,93,a2,c0,ef,4a,8c,89,17,..
"khjeh"=hex:8d,ad,cf,78,b8,dc,0a,92,a0,1d,3e,78,f4,8d,09,e5,61,9a,20,f3,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6a,dd,f4,51,7d,31,08,8f,4d,26,26,79,a3,3f,4f,57,e9,5f,2b,f5,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:23,ff,ea,eb,86,af,d9,3b,65,dd,58,e3,b3,5b,46,70,dc,31,b5,88,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:98,24,b9,14,50,e4,0f,62,ea,b1,25,05,6b,5a,9a,d3,4e,d5,08,87,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,be,80,9d,fe,07,7c,3a,91,93,a2,c0,ef,4a,8c,89,17,..
"khjeh"=hex:8d,ad,cf,78,b8,dc,0a,92,a0,1d,3e,78,f4,8d,09,e5,61,9a,20,f3,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6a,dd,f4,51,7d,31,08,8f,4d,26,26,79,a3,3f,4f,57,e9,5f,2b,f5,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:23,ff,ea,eb,86,af,d9,3b,65,dd,58,e3,b3,5b,46,70,dc,31,b5,88,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:98,24,b9,14,50,e4,0f,62,ea,b1,25,05,6b,5a,9a,d3,4e,d5,08,87,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,be,80,9d,fe,07,7c,3a,91,93,a2,c0,ef,4a,8c,89,17,..
"khjeh"=hex:8d,ad,cf,78,b8,dc,0a,92,a0,1d,3e,78,f4,8d,09,e5,61,9a,20,f3,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:41,1e,52,9c,cb,41,92,4f,55,e4,50,34,f8,c0,29,b2,f6,47,ee,de,d2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:23,ff,ea,eb,86,af,d9,3b,65,dd,58,e3,b3,5b,46,70,dc,31,b5,88,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:921de877
"s2"=dword:3e48ae2e
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:98,24,b9,14,50,e4,0f,62,ea,b1,25,05,6b,5a,9a,d3,4e,d5,08,87,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,be,80,9d,fe,07,7c,3a,91,93,a2,c0,ef,4a,8c,89,17,..
"khjeh"=hex:8d,ad,cf,78,b8,dc,0a,92,a0,1d,3e,78,f4,8d,09,e5,61,9a,20,f3,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0b,f7,71,05,2c,76,c6,5c,05,bb,26,84,70,85,38,d5,25,c6,9c,88,9a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:79,af,bd,ab,34,f0,be,c3,72,95,c7,5f,47,62,4c,d2,78,f2,b4,83,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:98,24,b9,14,50,e4,0f,62,ea,b1,25,05,6b,5a,9a,d3,4e,d5,08,87,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,be,80,9d,fe,07,7c,3a,91,93,a2,c0,ef,4a,8c,89,17,..
"khjeh"=hex:8d,ad,cf,78,b8,dc,0a,92,a0,1d,3e,78,f4,8d,09,e5,61,9a,20,f3,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0b,f7,71,05,2c,76,c6,5c,05,bb,26,84,70,85,38,d5,25,c6,9c,88,9a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:79,af,bd,ab,34,f0,be,c3,72,95,c7,5f,47,62,4c,d2,78,f2,b4,83,94,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="9294A786264525D4F8E1313F06756300D3052441FEC31538E"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\Steam\\steam.exe"="C:\\Programme\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:EnablednkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB"
"C:\\Programme\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Programme\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\\Programme\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Programme\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programme\\Spamihilator\\cdcc.exe"="C:\\Programme\\Spamihilator\\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration"
"C:\\Programme\\Spamihilator\\dccproc.exe"="C:\\Programme\\Spamihilator\\dccproc.exe:*:Enabled:Spamihilator DCC Filter"
"C:\\Programme\\Spamihilator\\spamihilator.exe"="C:\\Programme\\Spamihilator\\spamihilator.exe:*:Enabled:Spamihilator"
"C:\\Programme\\NewsBin\\nbpro.exe"="C:\\Programme\\NewsBin\\nbpro.exe:*:Enabled:NewsBin Pro"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Thu 13 Dec 2007 24 ..SH. --- "C:\WINDOWS\S86EDA54D.tmp"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Programme\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SDHelper.dll"
Wed 30 Jul 2008 1,429,840 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Programme\Spybot - Search & Destroy\Tools.dll"
Sun 8 Feb 2009 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 22 Jan 2009 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Sep 2007 7,185 A..HR --- "C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\SecuROM\UserData\securom_v7_01.bak"
Mon 9 Jan 2006 237,568 A.SH. --- "C:\250GB\Abizeitung\Abizeitung 2006\Fotos\Julia\Julia\Fotos Julia\M„dels Kochen,Omas Geb., Candlelight dinner\SIV3.tmp"

Finished!



listen.bat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 0C1C-FE8B

Verzeichnis von C:\Programme

2009-02-09 01:07 <DIR> .
2009-02-09 01:07 <DIR> ..
2008-03-03 13:37 <DIR> Activision
2007-10-13 13:55 <DIR> Adobe
2007-09-10 11:42 <DIR> Alcohol Soft
2007-08-15 10:55 <DIR> Analog Devices
2008-11-05 13:23 <DIR> Anno 1701
2008-12-29 13:35 <DIR> Apple Software Update
2007-08-09 16:03 <DIR> ATI
2007-12-22 11:13 <DIR> BioShock
2007-10-13 13:50 <DIR> Bonjour
2008-12-28 01:06 <DIR> Call of Duty - World at War
2007-09-27 13:14 <DIR> Canon
2009-02-04 20:34 <DIR> CCleaner
2007-08-09 15:33 <DIR> ComPlus Applications
2008-02-21 07:56 <DIR> CopyTo
2007-08-13 15:54 <DIR> Corel
2008-11-17 13:00 <DIR> COWON
2009-01-22 22:32 <DIR> Creative Installation Information
2007-08-28 00:59 <DIR> DAEMON Tools
2007-08-27 16:29 <DIR> dBpoweramp
2008-01-04 16:53 <DIR> directx
2007-10-18 20:53 <DIR> DivX
2008-02-19 18:15 <DIR> East-Tec Eraser 2008
2009-01-03 12:32 <DIR> ElsterFormular
2009-02-03 17:20 <DIR> EsetOnlineScanner
2009-02-10 16:00 <DIR> F-Secure Internet Security
2007-09-28 17:44 <DIR> FDRTools
2007-09-21 20:41 <DIR> FlashGet
2007-08-13 01:54 <DIR> FLVPlayer
2008-01-09 21:37 <DIR> FoxBurnerPlugin
2008-07-30 08:09 <DIR> Foxit Software
2008-08-22 19:24 <DIR> Free Download Manager
2009-02-09 17:21 <DIR> Gamers.IRC
2009-02-09 16:01 <DIR> Gemeinsame Dateien
2007-10-31 15:17 <DIR> Ghostgum
2007-10-31 15:16 <DIR> Ghostscript
2007-12-08 13:06 <DIR> Google
2008-02-06 00:33 <DIR> Guitar Pro 5
2009-02-09 16:42 <DIR> HijackThis
2007-11-25 15:11 <DIR> Hitman Blood Money
2007-09-25 15:17 <DIR> HLSW
2007-09-19 13:39 <DIR> Icemat Siberia USB Soundcard
2008-01-11 15:58 <DIR> ICQLite
2007-08-30 14:48 <DIR> IMSIDesign
2007-08-17 14:20 <DIR> Internet Explorer
2008-12-04 09:40 <DIR> Java
2009-01-17 22:05 <DIR> JetAudio
2007-09-04 22:06 <DIR> jv16 PowerTools 2007
2009-01-25 23:23 <DIR> JägerprüfungNI
2008-05-31 15:31 <DIR> Kalenderchen
2008-01-11 13:47 <DIR> Learning Essentials
2007-08-14 13:06 <DIR> Logitech
2008-01-09 21:37 <DIR> Machinist2DLL
2007-09-12 11:31 <DIR> MagicISO
2009-01-29 16:38 <DIR> Malwarebytes' Anti-Malware
2007-08-09 16:01 <DIR> Marvell
2008-12-16 20:39 <DIR> MediaMonkey
2007-08-09 15:47 <DIR> Messenger
2008-01-11 13:49 <DIR> Microsoft Encarta
2009-02-01 15:45 <DIR> microsoft frontpage
2008-01-11 13:48 <DIR> Microsoft Lernen und Wissen
2008-02-20 19:31 <DIR> Microsoft Office
2007-10-17 20:43 <DIR> Microsoft.NET
2007-10-31 15:11 <DIR> MiKTeX 2.5
2007-08-09 15:34 <DIR> Movie Maker
2009-02-10 16:22 <DIR> Mozilla Firefox
2009-02-10 14:33 <DIR> Mozilla Thunderbird
2007-08-09 15:40 <DIR> MSBuild
2008-02-20 19:31 <DIR> MSECache
2007-08-09 15:32 <DIR> MSN
2007-08-09 15:33 <DIR> MSN Gaming Zone
2007-08-14 10:55 <DIR> Nero
2007-11-18 16:40 <DIR> NETGEAR
2007-08-09 15:35 <DIR> NetMeeting
2009-01-28 20:34 <DIR> NewsBin
2007-08-09 15:33 <DIR> Online Services
2008-01-13 10:35 <DIR> Online-Dienste
2007-11-16 11:05 <DIR> OO Software
2007-09-17 22:21 <DIR> OpenOffice.org 2.3
2007-08-09 15:35 <DIR> Outlook Express
2009-02-03 10:42 <DIR> Panda Security
2007-09-12 11:07 <DIR> PowerStrip
2008-12-14 21:11 <DIR> QIP
2008-12-29 13:38 <DIR> QuickTime
2008-01-27 22:19 <DIR> Real
2007-08-09 15:38 <DIR> Reference Assemblies
2008-01-04 16:53 <DIR> Rockstar Games
2008-01-24 18:27 <DIR> Saal Digital
2008-10-05 09:56 <DIR> Sam And Max Season One Collection Pack
2007-12-01 21:28 <DIR> seRapid
2008-01-09 21:37 <DIR> ShrinkTo5
2008-02-04 07:36 <DIR> Skype
2007-12-13 15:56 <DIR> SlySoft
2007-11-18 15:07 <DIR> SmartCode Solutions
2008-01-08 23:51 <DIR> SoundSpectrum
2009-02-10 15:59 <DIR> Spamihilator
2008-10-06 10:50 <DIR> SPORE
2009-01-03 20:42 <DIR> Spybot - Search & Destroy
2009-01-02 21:51 <DIR> Steam
2009-02-03 15:38 <DIR> SUPERAntiSpyware
2008-07-11 10:46 <DIR> Surfino Newsreader
2007-11-02 13:04 <DIR> Synchronizer
2009-02-09 11:40 <DIR> TELL ME MORE NV
2007-10-31 15:15 <DIR> TeXnicCenter
2009-02-09 11:40 <DIR> The Rosetta Stone
2008-12-17 10:22 <DIR> Tipp10
2008-02-04 11:15 <DIR> TippKönigin Demo
2008-02-18 13:41 <DIR> TrueCrypt
2009-01-26 08:35 <DIR> TuneUp Utilities 2009
2008-05-23 18:36 <DIR> Valve
2008-02-20 20:27 <DIR> Ventrilo
2007-08-09 16:18 <DIR> VentriloMIX
2007-08-09 15:49 <DIR> VideoLAN
2007-08-21 12:04 <DIR> VMNetSrv
2007-11-18 15:07 <DIR> VNC Manager
2008-05-06 16:56 <DIR> Vokabel Master
2007-08-09 15:33 <DIR> Windows Media Connect 2
2009-02-09 01:07 <DIR> Windows Media Player
2007-08-09 15:33 <DIR> Windows NT
2008-08-23 11:46 <DIR> WinRAR
2008-10-06 10:51 <DIR> XAC
2009-02-01 15:45 <DIR> xerox
2007-08-09 15:53 <DIR> XP Codec Pack
2007-08-09 15:45 <DIR> xp-AntiSpy
0 Datei(en) 0 Bytes
125 Verzeichnis(se), 207,018,799,104 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 0C1C-FE8B

Verzeichnis von C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten

2008-12-27 16:38 <DIR> Activision
2007-10-31 15:50 <DIR> Adobe
2008-02-19 17:48 <DIR> Ahead
2007-08-17 14:20 <DIR> Apple
2007-08-17 14:20 <DIR> Apple Computer
2007-12-16 13:55 <DIR> ashampoo
2007-12-16 14:09 <DIR> Ashampoo Movie Shrink & Burn 3
2007-09-01 21:25 <DIR> Codemasters
2008-08-03 07:19 <DIR> Cooliris
2009-02-09 16:26 115,712 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-29 14:38 <DIR> Deployment
2008-05-06 20:00 38,528 GDIPFONTCACHEV1.DAT
2007-12-08 13:06 <DIR> Google
2008-08-23 11:46 <DIR> Help
2007-08-09 15:57 <DIR> Identities
2007-11-18 15:13 <DIR> IsolatedStorage
2007-08-09 17:14 <DIR> Logitech
2009-02-08 16:20 <DIR> MediaMonkey
2007-10-31 15:12 <DIR> MiKTeX
2007-08-09 15:55 <DIR> Mozilla
2009-01-28 20:34 <DIR> NewsBin
2008-01-14 18:38 <DIR> Oblivion
2008-12-29 14:36 <DIR> RapidShare
2007-09-13 11:14 <DIR> Steam
2008-11-05 13:29 <DIR> Thunderbird
2007-08-09 15:50 <DIR> {3248F0A6-6813-11D6-A77B-00B0D0150060}
2 Datei(en) 154,240 Bytes
24 Verzeichnis(se), 207,018,799,104 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 0C1C-FE8B

Verzeichnis von C:\Dokumente und Einstellungen\Joe\Anwendungsdaten

2007-10-17 23:01 <DIR> AccurateRip
2009-02-05 23:07 <DIR> Adobe
2007-08-14 10:57 <DIR> Ahead
2008-02-19 17:54 <DIR> Apple Computer
2007-09-07 16:18 <DIR> Bioshock
2007-09-28 17:39 <DIR> Canon
2007-08-13 15:54 <DIR> Corel
2008-11-17 12:37 <DIR> COWON
2009-01-22 15:05 <DIR> Creative
2007-10-07 18:03 <DIR> dBpoweramp
2008-08-20 13:27 <DIR> dvdcss
2008-02-19 18:16 <DIR> EAST Technologies
2009-02-04 20:47 <DIR> F-Secure
2007-09-28 18:00 <DIR> fdrtools.com
2008-02-03 12:22 <DIR> FileMaker
2007-12-08 13:06 <DIR> Google
2008-08-23 11:46 <DIR> Help
2007-08-09 15:51 <DIR> ICQLite
2007-08-09 15:43 <DIR> Identities
2007-08-30 14:47 <DIR> IMSIDesign
2007-08-14 13:05 <DIR> InstallShield
2007-08-14 13:06 <DIR> Logitech
2007-08-09 16:02 <DIR> Macromedia
2009-01-25 23:49 <DIR> Mael
2009-01-29 16:38 <DIR> Malwarebytes
2008-11-05 13:29 <DIR> Mozilla
2008-02-03 12:22 <DIR> net.dacons.menucontrol
2009-02-03 10:20 <DIR> Newsbin
2007-08-24 17:16 <DIR> NewsLeecher
2008-07-04 18:37 <DIR> OpenOffice.org2
2008-08-29 23:39 <DIR> PlayFirst
2008-03-04 13:31 22,328 PnkBstrK.sys
2008-03-20 13:30 <DIR> Real
2009-01-03 21:05 <DIR> Skype
2009-01-03 21:05 <DIR> skypePM
2007-11-18 15:12 <DIR> Smart Code
2007-11-18 15:13 <DIR> SmartCode Solutions
2007-08-09 16:51 <DIR> SmartFTP
2007-08-21 12:28 <DIR> Steganos VPN
2007-08-20 16:11 <DIR> Sun
2009-02-03 15:38 <DIR> SUPERAntiSpyware.com
2007-12-22 14:37 <DIR> Synchronizer
2008-11-05 13:30 <DIR> Talkback
2008-04-03 21:49 <DIR> teamspeak2
2008-11-05 13:29 <DIR> Thunderbird
2008-02-04 11:41 <DIR> TippKönigin Demo
2008-02-21 07:31 <DIR> TrueCrypt
2007-08-21 16:11 <DIR> TuneUp Software
2007-10-14 20:01 <DIR> U3
2008-07-11 11:14 <DIR> uTorrent
2007-08-13 22:50 <DIR> Ventrilo
2007-08-10 17:07 <DIR> vlc
2009-01-29 21:07 <DIR> WebMoney
2007-08-09 17:09 <DIR> WinRAR
1 Datei(en) 22,328 Bytes
53 Verzeichnis(se), 207,018,795,008 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 0C1C-FE8B

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

2007-08-09 16:14 305 addr_file.html
2007-10-21 02:08 <DIR> Adobe
2007-10-13 13:54 <DIR> ALM
2008-12-29 13:35 <DIR> Apple
2008-12-29 13:38 <DIR> Apple Computer
2007-12-16 13:55 <DIR> ashampoo
2009-01-03 12:35 <DIR> ElsterFormular
2008-02-03 16:37 32 ezsid.dat
2009-02-03 10:19 <DIR> f-secure
2007-09-28 18:00 <DIR> fdrtools.com
2008-07-02 11:08 <DIR> FLEXnet
2009-02-03 10:18 <DIR> fssg
2007-08-13 15:54 <DIR> InstallShield
2009-02-09 17:32 <DIR> Kaspersky Lab
2007-08-14 13:06 <DIR> LogiShrd
2007-08-14 13:06 <DIR> Logitech
2009-01-29 16:38 <DIR> Malwarebytes
2007-10-31 15:12 <DIR> MiKTeX
2008-04-28 20:20 <DIR> MSScanAppDataDir
2007-08-14 10:55 <DIR> Nero
2009-01-17 19:41 <DIR> NewsBin
2008-08-29 23:39 <DIR> PlayFirst
2008-02-03 17:53 1,359 QTSBandwidthCache
2008-02-03 16:32 <DIR> Skype
2007-12-13 15:59 <DIR> SlySoft
2009-02-09 13:43 <DIR> Spybot - Search & Destroy
2009-02-03 15:38 <DIR> SUPERAntiSpyware.com
2009-02-03 15:14 <DIR> TEMP
2007-08-30 14:17 <DIR> Trymedia
2009-01-26 08:35 <DIR> TuneUp Software
3 Datei(en) 1,696 Bytes
27 Verzeichnis(se), 207,018,790,912 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 0C1C-FE8B

Verzeichnis von C:\Programme\Gemeinsame Dateien

2009-02-09 16:01 <DIR> .
2009-02-09 16:01 <DIR> ..
2007-10-20 22:06 <DIR> Adobe
2007-08-14 10:56 <DIR> Ahead
2008-12-29 13:38 <DIR> Apple
2007-08-13 15:54 <DIR> Corel
2008-11-17 12:37 <DIR> COWON
2007-10-17 20:43 <DIR> Designer
2007-08-09 15:35 <DIR> Dienste
2007-08-14 13:07 <DIR> InstallShield
2007-08-09 15:50 <DIR> Java
2008-07-30 22:18 <DIR> Logishrd
2008-07-30 22:18 <DIR> Logitech
2007-10-13 13:48 <DIR> Macrovision Shared
2008-02-20 19:31 <DIR> Microsoft Shared
2007-08-09 15:35 <DIR> MSSoap
2007-08-09 16:28 <DIR> ODBC
2008-01-27 22:19 <DIR> Real
2008-07-22 21:19 <DIR> Skype
2007-08-09 16:28 <DIR> SpeechEngines
2007-08-09 15:34 <DIR> System
2009-02-03 15:38 <DIR> Wise Installation Wizard
2008-01-27 22:19 <DIR> xing shared
0 Datei(en) 0 Bytes
23 Verzeichnis(se), 207,018,790,912 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 0C1C-FE8B

Verzeichnis von C:\Windows\tasks

2009-02-10 16:00 488 1-Klick-Wartung.job
1 Datei(en) 488 Bytes
0 Verzeichnis(se), 207,018,790,912 Bytes frei

#22 lösche sdfix:
lade:
http://virus-protect.org/artikel/tools/systemscan.html
hake an:
Showing files newer than 60 days
REGISTRY SCAN
SCHEDULED JOBS
LIST OF ALL SERVICES DRIVERS
SVCHOST INSTANCES
LOADED MODULES
MASTER BOOT RECORD
SUSPICIOUS FILES
UNINSTALL LIST
HIJACKTHIS LOG
wenn file zu groß, dann bitte log teilen

#23 Log ist zu groß, ich habe ihn im Anhang angefügt.

#24 du kannst schon mal folgende dateien überprüfen:
C:\158508124794.kwm
C:\WINDOWS\Setup1.exe
C:\WINDOWS\system32\CF1862.exe
http://www.virustotal.com/en/indexf.html
nacheinander hier abkopieren, bei virus total einfügen, absenden klicken, abwarten bis status beendet steht, dann das ergebniss hier posten,
fall meldung erscheint, datei bereits analysiert, klicke auf erneut analysieren

#25 C:\158508124794.kwm
Ergebnis: 0/39 (0%)

C:\WINDOWS\Setup1.exe
Ergebnis: 0/39 (0%)

C:\WINDOWS\system32\CF1862.exe
Ergebnis: 0/39 (0%)

#26 C:\158508124794.kwm
und
C:\WINDOWS\system32\CF1862.exe
finde ich trotzdem komisch. packe sie mit winzip oder winrar versieh sie mit einem passwort
infected
sende sie an
markusg@paules-pc-forum.de
ich will sie mir näher ansehen.
teile mir mit, wenn du sie zu mir geschickt hast.

#27 Die gepackten Dateien sind per E-Mail raus.

#28 dann heist es erst mal abwarten und tee trinken sorry...

#29 http://support.f-secure.com/ger/home/ols.shtml
gesammten pc scannen funde löschen, vllt findet der was...

#30 Kein Problem, schon mal an dieser Stelle vielen herzlichen Dank.
Ich werde mal scannen lassen.