Trojan.win32.Small.bzc

21.06.2009, 16:44
Member

Posts: 19
#1 Hello,

I have picked up a trojan which, despite all my efforts and several programs such as Kaspersky Virus Removal Tool, GMER and others, I unfortunately cannot get off my computer.

I hope to get help on this board.

Thanks

Trojan.Win32.Small.bzc
21.06.2009, 17:20
Member

Posts: 3716
#2 Hello and welcome,
work through this and post the logs:
http://board.protecus.de/t23187.htm
21.06.2009, 19:27
Member

Thread starter

Posts: 19
#3 Hello,

unfortunately I have picked up a trojan: Trojan.win32.small.bzc

When scanning, it always shows up under: C:\Windows\Temp\Skynetiitrcodimx.tmp

or under C:\windows\system32\skynetrdprbrve.dll

As programs I have tried Kaspersky Internet Security 2009, Kaspersky Virus Removal Tool, GMER and others; unfortunately neither scanning nor deleting helps, the trojan keeps coming back. GMER keeps finding this trojan on a quick scan, log attached.

Thanks, I would appreciate any help.


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-21 18:48:41
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

Code 8E3F4D50 ZwEnumerateKey
Code 8E3EFC30 ZwFlushInstructionCache
Code 8E3ED85D IofCallDriver
Code 8E3F0D26 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\SKYNETeqjistth.sys (*** hidden *** ) [SYSTEM] SKYNETqcmbqnpu <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
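The GMER log above is the decisive evidence in this thread: four kernel code hooks plus a service GMER cannot see through normal APIs. As an added example (not part of the original thread and not code from GMER or Kaspersky), the following Python triage parser works over that posted log. It pulls out the code hooks, the hidden service and the attached filter devices, and flags names that follow the "SKYNET" + 8 random lowercase letters scheme (SKYNETeqjistth.sys, SKYNETqcmbqnpu) that the TDSS/TDL2 rootkit family used in mid-2009. The role descriptions attached to the hooked routines, the SKYNET regex and the `rootkit_confirmed` rule are my own characterisation, not something GMER emits; the Devices section of the sample is trimmed to two of its ten lines.

```python
"""Triage a GMER rootkit-scan log: kernel code hooks, hidden services,
attached filter devices, and TDSS/TDL2-style 'SKYNET' names."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Verbatim excerpt of the GMER 1.0.15 log posted in the thread (Devices trimmed).
GMER_LOG = r"""
---- System - GMER 1.0.15 ----

Code 8E3F4D50 ZwEnumerateKey
Code 8E3EFC30 ZwFlushInstructionCache
Code 8E3ED85D IofCallDriver
Code 8E3F0D26 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\SKYNETeqjistth.sys (*** hidden *** ) [SYSTEM] SKYNETqcmbqnpu <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

CODE_HOOK_RE = re.compile(r"^Code\s+([0-9A-Fa-f]{8})\s+(\w+)\s*$", re.M)
HIDDEN_SVC_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\*\s*\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)",
    re.M,
)
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+\.sys)", re.M)
# TDSS/TDL2 named its driver, DLLs, .dat files and service 'SKYNET' + 8 random
# lowercase letters. This is an assumed detection pattern, not GMER output.
TDSS_NAME_RE = re.compile(r"^SKYNET[a-z]{8}$")

# Why each hooked routine matters (my annotation); unlisted hooks are still reported.
HOOK_ROLE = {
    "IofCallDriver": "disk I/O request path; lets the rootkit hide its sectors/files",
    "IofCompleteRequest": "disk I/O completion path; lets it filter what readers get back",
    "ZwEnumerateKey": "registry enumeration; hides the rootkit's service key",
}


@dataclass
class GmerFindings:
    hooks: list[tuple[str, str]] = field(default_factory=list)            # (address, routine)
    hidden_services: list[tuple[str, str, str]] = field(default_factory=list)  # (image, start, name)
    attached: list[tuple[str, str, str]] = field(default_factory=list)    # (driver, device, filter)


def parse_gmer(text: str) -> GmerFindings:
    """Extract the three indicator classes from raw GMER log text."""
    f = GmerFindings()
    f.hooks = [(addr.upper(), routine) for addr, routine in CODE_HOOK_RE.findall(text)]
    f.hidden_services = [(m["image"], m["start"], m["name"]) for m in HIDDEN_SVC_RE.finditer(text)]
    f.attached = ATTACHED_RE.findall(text)
    return f


def is_tdss_name(path_or_name: str) -> bool:
    """True if the file stem or service name matches SKYNET + 8 lowercase letters."""
    stem = path_or_name.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return TDSS_NAME_RE.match(stem) is not None


def rootkit_confirmed(f: GmerFindings) -> bool:
    """A hidden service, or a hook on a known hiding routine, is enough to call it."""
    return bool(f.hidden_services) or any(r in HOOK_ROLE for _, r in f.hooks)


def triage(f: GmerFindings) -> list[str]:
    """Verdict lines, most severe first. Attached filters are informational:
    AV and firewall products (fltmgr, Kaspersky kl1.sys, McAfee Mpfp.sys) look like this too."""
    out = []
    for image, start, name in f.hidden_services:
        tag = " [TDSS/TDL2 naming]" if is_tdss_name(image) or is_tdss_name(name) else ""
        out.append(f"HIDDEN SERVICE {name} -> {image} (start={start}){tag}")
    for addr, routine in f.hooks:
        out.append(f"HOOK {routine} @ {addr}: {HOOK_ROLE.get(routine, 'kernel code hook, role not catalogued')}")
    for drv, dev, filt in f.attached:
        out.append(f"info: {filt} attached to {dev} ({drv})")
    return out


if __name__ == "__main__":
    findings = parse_gmer(GMER_LOG)
    print("rootkit confirmed:", rootkit_confirmed(findings))
    print("\n".join(triage(findings)))
```

Two caveats a practitioner would attach. First, GMER runs on the kernel it is trying to audit, so a scan that finds nothing is not proof of a clean machine, only a scan that finds something is proof of a dirty one; this is why the advice given later in the thread (assume the machine is compromised, change credentials from a different system) stands regardless of what removal tools report afterwards. Second, the AttachedDevice entries here are all legitimate Microsoft, Kaspersky and McAfee filters; the indicators that matter are the hidden service and the hooks on the disk I/O and registry enumeration routines.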
21.06.2009, 19:28
Member

Thread starter

Posts: 19
#4 So,

I hope I have not overlooked too much; if I have, please let me know.

Thanks
21.06.2009, 19:33
Member

Posts: 3716
#5 1.
You have a rootkit on the system.
If you do online banking, you must inform your bank of the infection. Furthermore, all passwords must be changed from a clean system, and you should consider formatting.
2. Yes, you overlooked the entire linked guide, but if you want to format you can of course skip it :-)
21.06.2009, 19:57
Member

Thread starter

Posts: 19
#6 So,

that doesn't sound good; I'm not much of an expert either.
1. The thing with my bank, does that have to be?? I do online banking.

All passwords changed from a clean system, what exactly does that mean? I don't really know my way around this.???

What do I have to link here?? I would like to spare myself reinstalling the operating system.
21.06.2009, 20:18
Member

Posts: 3716
#7 Hello, I linked something for you.
Yes, it has to be!
It may be that your banking data has been spied on; you surely don't want unauthorized people withdrawing money, do you?
The link:
http://board.protecus.de/t23187.htm
But I give no guarantee that everything will be clean again.
PS:
Passwords must be changed from a clean (not infected) PC; in any case, you must not visit important sites with this one for now.
21.06.2009, 20:41
Member

Thread starter

Posts: 19
#8 I have now scanned again with F-Secure BlackLight:

06/21/09 20:34:35 [Info]: BlackLight Engine 2.2.1092 initialized
06/21/09 20:34:35 [Info]: OS: 6.0 build 6002 (Service Pack 2)
06/21/09 20:34:35 [Note]: 7019 4
06/21/09 20:34:35 [Note]: 7005 0
06/21/09 20:34:37 [Note]: 7006 0
06/21/09 20:34:37 [Note]: 7027 0
06/21/09 20:34:38 [Note]: 7035 0
06/21/09 20:34:38 [Note]: 7026 0
06/21/09 20:34:38 [Note]: 7026 0
06/21/09 20:34:42 [Note]: FSRAW library version 1.7.1024

It is a rootkit, then. Great.

What do you mean by your link? I can't find anything there?????
21.06.2009, 21:12
Member

Posts: 3716
#9 What do you mean, you find nothing? Have you read the text at all? Run all the programs and followed the instructions? No, because the logs aren't here yet.
21.06.2009, 22:07
Member

Thread starter

Posts: 19
#10 Yes, thanks, let's see, it seems to work

ComboFix 09-06-20.04 - Rene 21.06.2009 21:12.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.1202 [GMT 2:00]
Running from: c:\users\Rene\Downloads\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
/wow section - STAGE 1
Access denied


(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-562135841-1852772386-1395933027-500
c:\$recycle.bin\S-1-5-21-562135841-1852772386-1395933027-500\desktop.ini
c:\windows\system32\drivers\SKYNETeqjistth.sys
c:\windows\system32\SKYNETbtebxhye.dat
c:\windows\system32\SKYNEThuvtpakh.dat
c:\windows\system32\SKYNETitunewcl.dat
c:\windows\system32\SKYNEToeyadccg.dll
c:\windows\system32\SKYNETrrltigxt.dat
c:\windows\system32\SKYNETvtxpkqxe.dll
c:\windows\system32\SKYNETwphcvbxv.dll
c:\windows\system32\SKYNETxrqpxbpg.dll
c:\windows\system32\SKYNETxscimtni.dll
c:\windows\system32\SKYNETytnyisob.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETqcmbqnpu
-------\Legacy_RKHIT


((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 ))))))))))))))))))))))))))))))
.

2009-06-21 19:53 . 2009-06-21 19:56 -------- d-----w- c:\users\Rene\AppData\Local\temp
2009-06-21 15:43 . 2009-06-21 15:45 -------- d-----w- c:\users\Rene\.housecall6.6
2009-06-21 15:33 . 2009-06-21 15:33 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-21 15:33 . 2009-06-21 15:33 -------- d-----w- c:\program files\Yahoo!
2009-06-21 15:33 . 2009-06-21 15:33 -------- d-----w- c:\program files\CCleaner
2009-06-21 13:50 . 2009-06-21 13:50 -------- d-----w- c:\users\Rene\DoctorWeb
2009-06-21 13:40 . 2009-06-21 13:53 -------- d-----w- c:\program files\Exterminate It!
2009-06-21 13:29 . 2009-06-21 13:29 -------- d-----w- c:\program files\InCode Solutions
2009-06-21 13:18 . 2009-06-21 13:18 2 --shatr- c:\windows\winstart.bat
2009-06-21 13:17 . 2009-06-21 13:19 -------- d-----w- C:\New Folder
2009-06-21 13:01 . 2009-06-21 13:01 -------- d-----w- c:\programdata\IObit
2009-06-21 13:01 . 2009-06-21 13:01 -------- d-----w- c:\program files\IObit
2009-06-21 12:13 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-21 12:13 . 2009-06-21 12:13 -------- d-----w- c:\programdata\Malwarebytes
2009-06-21 12:13 . 2009-06-21 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 12:13 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-21 11:07 . 2009-06-21 11:11 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-21 08:56 . 2009-06-21 08:56 -------- d-----w- c:\windows\BDOSCAN8
2009-06-20 19:38 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\36115720.sys
2009-06-20 17:32 . 2009-06-20 17:36 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-20 17:32 . 2009-06-20 17:36 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 17:32 . 2009-06-20 17:32 -------- d-----w- c:\program files\Avira
2009-06-19 11:23 . 2009-06-19 11:23 206088 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-19 11:23 . 2009-06-19 11:23 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-19 11:23 . 2009-06-19 11:23 239120 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista\klif.sys
2009-06-19 11:05 . 2009-06-19 11:05 -------- d-----w- c:\users\Rene\AppData\Local\Symantec
2009-06-19 10:48 . 2009-06-19 11:23 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-19 10:48 . 2009-06-19 11:23 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-19 10:47 . 2009-06-21 19:54 630816 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-19 10:47 . 2009-06-21 19:54 3451424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-19 10:47 . 2009-06-21 18:25 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-19 10:47 . 2009-06-19 10:47 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-19 10:46 . 2009-06-19 10:46 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-19 08:05 . 2009-06-19 08:06 -------- d-----w- c:\programdata\Norton
2009-06-19 08:04 . 2009-06-19 08:04 -------- d-----w- c:\programdata\NortonInstaller
2009-06-19 07:29 . 2009-06-19 07:29 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-18 20:36 . 2009-06-19 07:30 -------- d-----w- c:\program files\BitDefender
2009-06-18 20:36 . 2009-06-18 20:39 -------- d-----w- c:\programdata\BitDefender
2009-06-18 20:35 . 2009-06-19 07:30 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-18 08:49 . 2009-06-18 14:37 -------- d-----w- c:\program files\AxBx
2009-06-17 15:23 . 2009-06-18 17:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-17 15:01 . 2009-06-17 15:01 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-17 14:14 . 2009-06-17 14:33 -------- d-----w- c:\programdata\SiteAdvisor
2009-06-17 14:13 . 2006-03-03 06:07 143360 ----a-w- c:\windows\system32\dunzip32.dll
2009-06-17 14:12 . 2007-07-13 04:21 125728 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-06-17 14:10 . 2009-06-17 14:40 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-17 14:09 . 2009-06-17 14:40 -------- d-----w- c:\program files\McAfee
2009-06-17 14:03 . 2009-06-17 14:40 -------- d-----w- c:\programdata\McAfee
2009-06-11 16:29 . 2009-06-11 16:29 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb870B.tmp.exe
2009-06-09 19:35 . 2009-06-09 19:35 -------- d-----w- c:\users\Rene\AppData\Local\DNA
2009-06-09 19:35 . 2009-06-09 19:35 -------- d-----w- c:\program files\BitTorrent
2009-06-08 19:37 . 2009-06-08 19:37 -------- d-----w- c:\users\Rene\AppData\Local\The_StealthNet_Team
2009-06-04 21:31 . 2009-06-04 21:31 -------- d-----w- c:\program files\JonDo
2009-06-04 19:55 . 2009-06-04 19:55 -------- d-----w- c:\program files\JAP
2009-06-04 05:57 . 2009-06-04 05:57 -------- d-----w- c:\program files\WirelessMon
2009-06-02 19:37 . 2009-06-03 17:11 -------- d-----w- c:\program files\Vistumbler
2009-06-02 18:54 . 2009-06-02 18:54 -------- d-----w- c:\programdata\PassMark
2009-05-29 15:28 . 2009-05-29 15:28 -------- d-----w- c:\users\Rene\AppData\Local\DV Wizard
2009-05-27 21:33 . 2009-05-27 21:36 -------- d-----w- c:\windows\system32\ca-ES
2009-05-27 21:33 . 2009-05-27 21:35 -------- d-----w- c:\windows\system32\eu-ES
2009-05-27 21:33 . 2009-05-27 21:35 -------- d-----w- c:\windows\system32\vi-VN
2009-05-27 21:17 . 2009-05-27 21:17 -------- d-----w- c:\windows\system32\EventProviders
2009-05-27 21:14 . 2009-04-11 06:28 203264 ----a-w- c:\windows\system32\uDWM.dll
2009-05-27 21:13 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\wshbth.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 19:54 . 2009-06-19 10:47 4284 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-21 19:54 . 2009-06-19 10:47 29092 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-21 19:53 . 2008-12-01 17:05 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-21 19:17 . 2006-11-02 15:33 643842 ----a-w- c:\windows\system32\perfh007.dat
2009-06-21 19:17 . 2006-11-02 15:33 131990 ----a-w- c:\windows\system32\perfc007.dat
2009-06-20 17:32 . 2007-12-23 22:45 -------- d-----w- c:\programdata\Avira
2009-06-19 18:39 . 2007-07-24 18:00 -------- d-----w- c:\programdata\Symantec
2009-06-19 18:38 . 2007-07-24 17:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-19 11:23 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-18 17:34 . 2008-01-08 19:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-18 14:34 . 2008-03-12 17:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 16:46 . 2008-10-31 09:40 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-17 16:29 . 2009-03-28 22:06 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-17 15:03 . 2008-01-11 15:31 -------- d-----w- c:\programdata\Lavasoft
2009-06-12 22:45 . 2007-07-24 18:08 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 15:59 . 2008-12-24 18:09 -------- d-----w- c:\program files\DNA
2009-05-27 21:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 21:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-27 21:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 21:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-27 21:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-27 21:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 21:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-27 21:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-22 17:05 . 2009-05-22 17:05 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-09 05:50 . 2009-06-12 12:01 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-12 12:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 14:19 . 2007-07-24 17:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-23 12:15 . 2009-06-12 12:01 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-12 12:01 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-12 12:01 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-11 06:33 . 2009-05-27 21:15 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-27 21:14 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-27 21:14 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-27 21:14 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-27 21:14 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-27 21:14 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-05-27 21:15 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-27 21:13 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-27 21:13 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-27 21:13 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-27 21:15 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-05-27 21:15 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-27 21:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-27 21:13 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-05-27 21:13 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-27 21:14 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-27 21:13 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-27 21:13 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-27 21:13 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-27 21:13 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-27 21:13 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-27 21:14 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-27 21:14 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-27 21:14 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-27 21:14 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-27 21:14 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-27 21:14 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-27 21:14 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-27 21:13 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-27 21:14 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-05-27 21:15 148992 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-04-11 04:43 . 2009-05-27 21:15 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-04-11 04:43 . 2009-05-27 21:14 22528 ----a-w- c:\windows\system32\drivers\bthenum.sys
2009-04-11 04:43 . 2009-05-27 21:14 29696 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-04-11 04:42 . 2009-05-27 21:14 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-27 21:14 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-27 21:14 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-27 21:14 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-27 21:14 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-27 21:14 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-27 21:13 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-27 21:13 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-27 21:15 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-27 21:13 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-27 21:13 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-05-27 21:13 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-05-27 21:14 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:27 . 2009-05-27 21:13 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-05-27 21:14 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-05-27 21:13 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-05-27 21:13 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-05-27 21:14 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:19 . 2009-05-27 21:14 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-04-11 04:15 . 2009-05-27 21:14 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-05-27 21:14 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-05-27 21:14 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-05-27 21:14 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-05-27 21:14 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-05-27 21:14 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-05-27 21:14 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-05-27 21:14 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-05-27 21:13 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-05-27 21:14 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-05-27 21:14 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-05-27 21:14 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-05-27 21:14 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-05-27 21:14 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-05-27 21:15 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-11 01:59 . 2009-05-27 21:14 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-03-05 16:08 . 2009-06-18 20:39 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-22 39408]
"BitTorrent DNA"="c:\users\Rene\Program Files\DNA\btdna.exe" [2009-06-14 318272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-07 752400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-06-19 206088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-06-16 817424]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-13 1822720]

c:\users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-ESRN6.lnk - c:\users\Rene\Desktop\Virus Removal Tool\is-ESRN6\startup.exe [2009-6-20 65536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-24 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" -tray
"BitTorrent DNA"="c:\users\Rene\Program Files\DNA\btdna.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\users\Rene\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Acer Tour Reminder"=c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e8,8e,7b,7a,14,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{475AFC44-0CB0-4BFD-8B5C-E3210BB08708}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe;)VDivine
"{1EC7F833-B8B9-463E-A2AA-4C2AE434E618}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{D7E5177B-8E47-43D8-9A6B-A788DA34E4A0}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{C6224888-224B-428B-8BFC-04282A3FFE7F}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe;)V Wizard
"{0143FA74-06F2-4868-A4F1-8334A27D8132}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:play Movie
"{FBB4DF18-73CF-4FF7-99D5-39DE1189632A}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:play Movie Resident Program
"TCP Query User{80A52BE0-8332-4191-BFE6-B57CABC6294F}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DD2259C5-EC24-45F0-B984-C0800FF62091}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{958E1B7E-50C3-44B0-8B36-326EBE71316D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2E3D31A8-6027-44FD-998F-444EE85CCAAE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D06031D-05C1-4C63-9FDD-1473F6BF1B2F}"= UDP:c:\program files\DNA\btdna.exe;)NA
"{CEEE7930-471B-4156-94ED-0F42E562ED22}"= TCP:c:\program files\DNA\btdna.exe;)NA
"{423F8286-DD42-42F3-862B-BE09E57156E5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{19BA75B6-6428-4675-8498-E611F4DA7E77}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{861BBE27-4281-4E51-B269-62644D4B8A90}c:\\users\\rene\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\users\rene\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{4E654814-066F-4F5F-BC22-86320E1FA496}c:\\users\\rene\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\users\rene\program files\bittorrent\bittorrent.exe:bittorrent.exe
"TCP Query User{D74EC84B-A922-4D7D-9965-7DA7139A6F0C}c:\\users\\rene\\program files\\dna\\btdna.exe"= UDP:c:\users\rene\program files\dna\btdna.exe:btdna.exe
"UDP Query User{08E58847-784A-42DD-9201-3BB877F6DC18}c:\\users\\rene\\program files\\dna\\btdna.exe"= TCP:c:\users\rene\program files\dna\btdna.exe:btdna.exe
"{D9A27C46-8C68-4A49-9252-8B025217402B}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"TCP Query User{C30E8503-6176-4F53-9070-A04BA7838423}c:\\program files\\common files\\newtech infosystems\\liveupdate\\liveupdate.exe"= UDP:c:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe:LiveUpdate
"UDP Query User{62B172A7-97F9-4D2F-BAEA-FDC589F891B9}c:\\program files\\common files\\newtech infosystems\\liveupdate\\liveupdate.exe"= TCP:c:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe:LiveUpdate
"{B2DAAB09-E259-45C8-A1D1-D885DF85AB56}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{17C6E87F-B228-4C81-80EB-29E2D8CD8357}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{60BFCF60-6B57-4AE0-8EA8-19C005EFFE06}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"{96A884FB-B2D0-4134-A30C-D5AC20824008}"= UDP:c:\program files\DNA\btdna.exe;)NA (TCP-In)
"{EF7E5AC9-CBE9-4443-ADDE-311224CFA4C8}"= TCP:c:\program files\DNA\btdna.exe;)NA (UDP-In)
"{50145EC5-EBC0-44BF-9E9F-A47B3618D3B1}"= UDP:6097:StealthNet
"TCP Query User{5BF1794D-FAEA-418E-9AB1-5585E666CD57}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{7ACBB39A-8125-4902-A30B-3E281C40B888}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{5760AF49-CBE6-405C-B810-1B1837C1B675}c:\\program files\\smart pc solutions\\1-2-3 spyware free\\spywarefree.exe"= UDP:c:\program files\smart pc solutions\1-2-3 spyware free\spywarefree.exe:protecting from spyware and adware can be easy and effective!
"UDP Query User{7E4653E3-BA2F-4961-AB80-D261F9304D5A}c:\\program files\\smart pc solutions\\1-2-3 spyware free\\spywarefree.exe"= TCP:c:\program files\smart pc solutions\1-2-3 spyware free\spywarefree.exe:protecting from spyware and adware can be easy and effective!
"TCP Query User{A5E28D0F-81D6-4517-AB93-A8CA5A79EC18}c:\\program files\\incode solutions\\removeit pro v4 - se\\removeit.exe"= UDP:c:\program files\incode solutions\removeit pro v4 - se\removeit.exe:removeit
"UDP Query User{EB14129C-9DA4-48C7-AA59-8D194B27176B}c:\\program files\\incode solutions\\removeit pro v4 - se\\removeit.exe"= TCP:c:\program files\incode solutions\removeit pro v4 - se\removeit.exe:removeit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29.01.2008 17:29 33808]
R1 is-ESRN6drv;is-ESRN6drv;c:\windows\System32\drivers\36115720.sys [20.06.2009 21:38 148496]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09.07.2008 17:28 20496]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [01.09.2007 11:46 13560]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [24.07.2007 19:59 50688]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.06.2009 19:32 108289]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13.03.2008 18:02 26640]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 07:40 3668480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [08.02.2007 15:03 179712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [19.06.2009 10:11 101936]
S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [21.06.2009 15:01 224528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2009-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-562135841-1852772386-1395933027-1002.job
- c:\users\Rene\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-01 06:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\
FF - prefs.js: browser.startup.homepage - hxxps://www.jondos.de
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Rene\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Rene\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX Richtlinien ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites -
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 21:55
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-562135841-1852772386-1395933027-1002\Software\Buhl Data Service\On4u2\nanoPEG-MPEG2\ExtData*]
"OfflineKey"="f2il02yz+PoZfjShe/ =="
"InitTime"=dword:00009aef
"LastTime"=dword:00009aef
"Keyindex"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1a32840e-d03d-4d60-ba45-eacc73178f31}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{60e1fc73-e940-4aa4-8975-8fd7ffac4878}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f000000
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{cd38c362-d88c-43e7-b5c0-79e0d1bf8d6c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d001b77
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{fe45731b-dcdc-4d5c-8a5b-f29123a9a189}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:090019d2
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{fec7aa11-5de8-43e9-a8e0-ff3a35033dbd}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0016d4
"Dhcpv6State"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\System32\WUDFHost.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\users\Rene\AppData\Local\temp\RtkBtMnt.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\System32\igfxext.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\ApntEx.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\consent.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-06-21 22:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-06-21 20:01

Vor Suchlauf: 17 Verzeichnis(se), 13.403.553.792 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 13.192.671.232 Bytes frei

464 --- E O F --- 2009-06-20 16:38
21.06.2009, 22:10
Member

Posts: 3716
#11 OK, good. Work through everything and post the logs; I'll take a look tomorrow.
21.06.2009, 22:18
Member

Thread starter

Posts: 19
#12 Trend Micro Hija


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:58, on 21.06.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Users\Rene\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxext.exe
C:\Users\Rene\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Rene\Desktop\Virus Removal Tool\is-ESRN6\is-ESRN6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rene\Program Files\DNA\btdna.exe"
O4 - Startup: is-ESRN6.lnk = C:\Users\Rene\Desktop\Virus Removal Tool\is-ESRN6\startup.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IS360service - Unknown owner - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10556 bytes
21.06.2009, 22:19
Member

Thread starter

Posts: 19
#13 Everything should be OK now, right?
22.06.2009, 11:13
Member

Posts: 3716
#14 What about the Malwarebytes log?
22.06.2009, 17:23
Member

Thread starter

Posts: 19
#15 Thanks,

There are no more error messages.

I was at my bank today; they told me I don't need to worry.

But I could change my password; if anyone tried to access the account, the bank would notify me.

Besides, that person would need my TAN list to withdraw anything.