Rokop Security

> Logfile after infection
Gast_Poulsen_*
Post 16.08.2008, 09:45
Post #1
Guests

Is the logfile clean? Sorry, I had accidentally posted it here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:06, on 16.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure\Common\FSMA32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\F-Secure\Common\FSMB32.EXE
f:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Programme\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure\Common\FCH32.EXE
C:\Programme\F-Secure\Common\FAMEH32.EXE
C:\Programme\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\cFosSpeed\cFosSpeed.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
C:\Programme\F-Secure\Common\FSM32.EXE
C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\F-Secure\FSGUI\fsguidll.exe
E:\Programme\Internet Download Manager\IDMan.exe
E:\Programme\PopTray\PopTray.exe
C:\Programme\F-Secure\FSAUA\program\fsaua.exe
C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
C:\Programme\F-Secure\Anti-Virus\fssm32.exe
C:\Programme\F-Secure\FSAUA\program\fsus.exe
C:\Programme\F-Secure\Anti-Virus\fsav32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - f:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - d:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Programme\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [IDMan] e:\Programme\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PopTray.lnk = E:\Programme\PopTray\PopTray.exe
O4 - Startup: Wallpaper Aktualisieren.lnk = C:\Programme\Desk-Timer\Desk-Timer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download aller Links mit IDM - E:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV Video Inhalt mit IDM - E:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - E:\Programme\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202565922174
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programme\cFosSpeed\spd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programme\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programme\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - f:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10668 bytes
Gast_Poulsen_*
Post 16.08.2008, 10:06
Post #2
Thread starter
Guests

After fixing "O2 - BHO: Gold-Manager - (D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE) - C:\WINDOWS\system32\goldman.dll" and uninstalling the Yahoo stuff in one go, here is the new logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:13, on 16.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure\Common\FSMA32.EXE
C:\Programme\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Programme\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\cFosSpeed\cFosSpeed.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\F-Secure\Anti-Virus\fssm32.exe
C:\Programme\F-Secure\Common\FSLAUNCH.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - f:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - d:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] e:\Programme\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PopTray.lnk = E:\Programme\PopTray\PopTray.exe
O4 - Startup: Wallpaper Aktualisieren.lnk = C:\Programme\Desk-Timer\Desk-Timer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download aller Links mit IDM - E:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV Video Inhalt mit IDM - E:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - E:\Programme\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202565922174
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programme\cFosSpeed\spd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programme\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programme\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - f:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9278 bytes



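The two posts above are compared the way a forum helper does it by eye: which entries vanished after the fix, and which O2 (Browser Helper Object) lines point at a DLL that no longer exists, such as the "Gold Manager" entry marked "(no file)". The following Python script is an added example, not part of this thread and not code from HijackThis; it parses the section-coded lines HijackThis emits (R0/R1/R3, O2, O4, O23 and so on), diffs two scans, and flags orphaned BHO registrations. The two sample logs are constructed from a handful of lines taken from post #1 and post #2.

```python
"""Diff two HijackThis logs and flag BHO entries whose DLL is missing.

Added example (not from the thread or from HijackThis). A CLSID that is
still registered under Browser Helper Objects while its DLL is gone is a
leftover of a removed or half-uninstalled component; HijackThis prints
such entries with "(no file)" as the target.
"""
import re
from typing import Dict, List, Tuple

# Any line that starts with a HijackThis section code, e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^([RO]\d+) - (.+)$")
# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)

# Constructed sample: a subset of the log in post #1 (before the fix).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:06, on 16.08.2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programme\Yahoo!\Search Protection\SearchProtection.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - (no file)
O4 - HKLM\..\Run: [YSearchProtection] "C:\Programme\Yahoo!\Search Protection\SearchProtection.exe"
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"""

# Constructed sample: the matching subset of the log in post #2 (after the fix).
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:13, on 16.08.2008

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"""


def parse_hjt(text: str) -> Tuple[List[str], List[str]]:
    """Split a HijackThis log into (running processes, section entries).

    Lines between "Running processes:" and the next blank line are process
    paths; every later line that starts with a section code is an entry and
    is kept verbatim, since the code is part of what identifies it.
    """
    processes: List[str] = []
    entries: List[str] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:
                in_processes = False
            else:
                processes.append(line)
            continue
        if ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Report which entries and processes disappeared or appeared between scans."""
    p_before, e_before = parse_hjt(before)
    p_after, e_after = parse_hjt(after)
    return {
        "entries_removed": sorted(set(e_before) - set(e_after)),
        "entries_added": sorted(set(e_after) - set(e_before)),
        "processes_gone": sorted(set(p_before) - set(p_after)),
        "processes_new": sorted(set(p_after) - set(p_before)),
    }


def orphaned_bhos(text: str) -> List[Tuple[str, str]]:
    """Return (name, CLSID) of O2 entries whose target is '(no file)'."""
    found: List[Tuple[str, str]] = []
    for entry in parse_hjt(text)[1]:
        m = BHO_RE.match(entry)
        if m and m.group("target").strip().lower() == "(no file)":
            found.append((m.group("name"), m.group("clsid")))
    return found


if __name__ == "__main__":
    for name, clsid in orphaned_bhos(LOG_BEFORE):
        print(f"orphaned BHO before fix: {name} {clsid}")
    for key, lines in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for line in lines:
            print(f"{key}: {line}")
```

Run stand-alone, the script lists the orphaned "Gold Manager" BHO in the first log and shows that it, the Yahoo URLSearchHook and the YSearchProtection Run entry are the only lines that disappeared between the two scans, with nothing new added. On real logs, paste the full text of each scan into the two string constants; the parser keeps entries verbatim, so a changed path or CLSID shows up as one removed and one added line rather than being silently matched.
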
raman
Post 16.08.2008, 10:12
Post #3
AV specialist
Group: Staff
Posts: 2,935
Member since: 27.04.2003
Location: Nordhorn
Member no.: 59

Please run ComboFix once more:

Download it from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Then close all windows, disable all background guards (AV and, for example, Spybot's TeaTimer), start combofix.exe, read the information in the windows that appear and answer them with Yes.

The ComboFix scan can take some time, so have a little patience. Please do not use the computer during the scan.
It is possible that the computer will be restarted in between.
After the scan finishes a report is displayed; please copy it and paste it into your thread.
http://www.bleepingcomputer.com/combofix/d...ix-benutzt-wird

It is not strictly necessary, but if you can, start ComboFix.exe with the option /Skipfix

Addendum: are you still using Nero?
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe


--------------------
Kind regards, Ralf
Gast_Poulsen_*
Post 16.08.2008, 10:44
Post #4
Thread starter
Guests

Hello raman,
ComboFix was already running. Here is the log file:
And regarding your second remark: yes, I use Nero.

ComboFix 08-08-14.05 - Detlev 2008-08-16 11:34:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1553 [GMT 2:00]
ausgeführt von:: G:\Opera-Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active


Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\inst.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-07-16 bis 2008-08-16 ))))))))))))))))))))))))))))))
.

2008-08-16 02:00 . 2008-08-16 05:11 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\DoctorWeb
2008-08-14 22:21 . 2008-08-14 22:21 <DIR> d-------- C:\Programme\DiskTrix
2008-08-14 21:30 . 2008-08-14 21:30 4,958,588 --a------ C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20021102}.BAK
2008-08-14 16:14 . 2008-08-14 16:14 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\MOBackup
2008-08-14 15:59 . 2008-08-11 10:34 210,944 --a------ C:\WINDOWS\mobackup.EXE
2008-08-14 15:59 . 2008-08-14 15:59 1,710 -r------- C:\WINDOWS\MOBackup-DatensicherungfrOutlook_Uninstall.in
2008-08-14 15:47 . 2008-08-14 15:47 <DIR> d-------- C:\Programme\Trend Micro
2008-08-12 22:50 . 2008-08-12 22:50 <DIR> d-------- C:\Program Files
2008-08-12 20:37 . 2008-08-12 20:37 <DIR> d-------- C:\Programme\MSXML 4.0
2008-08-12 20:37 . 2008-05-01 16:34 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 20:37 . 2008-08-12 20:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-12 20:36 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 20:18 . 2008-08-12 20:18 <DIR> d-------- C:\Programme\YooApplications
2008-08-12 20:18 . 2005-04-15 19:58 1,351,392 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-08-12 20:18 . 2003-12-26 01:13 212,992 --a------ C:\WINDOWS\system32\YExBar.ocx
2008-08-12 20:18 . 1998-06-24 11:55 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-08-12 20:18 . 2004-03-09 17:45 152,848 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-08-12 20:18 . 1998-05-05 17:35 112,640 --a------ C:\WINDOWS\system32\CMCTLde.DLL
2008-08-12 20:18 . 2003-04-18 17:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-08-12 20:18 . 2003-04-18 17:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-08-12 20:18 . 1998-07-06 18:55 33,792 --a------ C:\WINDOWS\system32\CMDLGDE.DLL
2008-08-12 20:18 . 1998-05-05 17:35 24,576 --a------ C:\WINDOWS\system32\CMCT2DE.dll
2008-08-12 19:12 . 2008-08-12 19:50 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\F-Secure
2008-08-12 19:07 . 2008-08-16 01:52 <DIR> d-------- C:\Programme\F-Secure
2008-08-12 19:07 . 2008-08-12 19:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
2008-08-12 19:07 . 2008-05-30 21:15 79,904 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-08-12 19:06 . 2008-08-12 19:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\f-secure
2008-08-11 17:17 . 2008-08-11 17:17 2,335,270 --a------ C:\WINDOWS\system32\a1019B.mht
2008-08-11 14:39 . 2008-08-14 15:35 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\IDM
2008-08-11 14:39 . 2008-08-16 11:37 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\DMCache
2008-08-11 14:21 . 2008-08-11 14:21 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-10 19:01 . 2008-08-10 19:01 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\SmartTools
2008-08-09 19:12 . 2008-08-09 19:12 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\InstallShield
2008-08-09 19:12 . 2008-04-14 07:52 185,344 --a--c--- C:\WINDOWS\system32\dllcache\framedyn.dll
2008-08-09 19:11 . 2007-09-28 15:33 2,796,032 --a------ C:\WINDOWS\system32\ImageEnXLibrary.ocx
2008-08-09 19:11 . 2007-10-05 16:00 1,444,864 --a------ C:\WINDOWS\system32\osenxpsuite2007.ocx
2008-08-09 19:11 . 2007-01-16 16:31 630,784 --a------ C:\WINDOWS\system32\osmax.ocx
2008-08-09 19:11 . 2007-10-05 16:00 247,808 --a------ C:\WINDOWS\system32\osenxpsuite2007.dll
2008-08-09 19:11 . 2000-12-06 01:00 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-08-09 19:11 . 2007-06-20 02:32 140,824 --a------ C:\WINDOWS\system32\secman.dll
2008-08-09 19:09 . 2008-08-09 19:10 <DIR> d-------- C:\Programme\SmartTools
2008-08-09 19:06 . 2008-08-09 19:06 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\Scan2PDF
2008-08-09 19:04 . 2008-08-09 19:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2008-08-09 18:58 . 2008-08-09 18:58 <DIR> d-------- C:\Programme\Java
2008-08-09 18:58 . 2008-08-09 18:58 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-08-09 18:58 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-09 18:56 . 2008-08-09 18:56 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-06 22:27 . 2008-08-06 22:28 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-08-06 22:27 . 2008-08-10 13:31 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-08-06 22:00 . 2008-08-06 22:00 <DIR> d-------- C:\Programme\ClearProg
2008-08-02 15:23 . 2008-08-02 15:23 2,287,616 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-08-02 15:18 . 2008-08-14 18:41 <DIR> d--h----- C:\WINDOWS\Icons
2008-08-02 15:10 . 2008-08-02 15:10 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-02 14:48 . 2008-08-02 14:48 <DIR> d-------- C:\Programme\IEPro
2008-08-02 14:48 . 2008-08-02 14:48 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\IEPro
2008-08-02 14:48 . 2008-08-10 22:59 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\Canon
2008-08-02 14:14 . 2008-08-02 14:15 <DIR> d-------- C:\Programme\TuneUp Utilities 2008
2008-08-02 14:14 . 2008-08-02 14:14 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\TuneUp Software
2008-08-02 14:14 . 2008-08-02 14:14 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-02 14:14 . 2008-05-17 14:56 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-02 14:13 . 2008-08-02 14:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-08-02 13:37 . 2008-08-02 13:37 <DIR> d-------- C:\Programme\MSECache
2008-08-02 13:31 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-02 13:31 . 2008-08-02 13:31 400 --a------ C:\WINDOWS\ODBC.INI
2008-08-02 13:30 . 2008-08-02 13:30 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-02 13:30 . 2008-08-02 13:36 <DIR> d-------- C:\Programme\Microsoft Works
2008-08-02 13:29 . 2008-08-02 13:29 <DIR> d-------- C:\Programme\Microsoft.NET
2008-08-02 13:24 . 2008-08-02 13:24 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\Lingo4u
2008-08-02 13:21 . 2008-08-02 13:21 <DIR> d-------- C:\Programme\Desk-Timer
2008-08-02 13:03 . 2008-04-14 07:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe.backup
2008-08-02 12:57 . 2008-08-02 12:57 <DIR> d-------- C:\Programme\UPHClean
2008-08-02 12:51 . 2008-08-02 12:51 <DIR> d-------- C:\Hintergrundbilder
2008-08-02 12:47 . 2008-08-02 12:47 <DIR> d-------- C:\Programme\Total Uninstall 4
2008-08-02 12:47 . 2008-08-02 12:47 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Martau
2008-08-02 12:46 . 2008-08-02 12:46 <DIR> d-------- C:\Programme\ERUNT
2008-08-02 12:46 . 2008-08-02 12:46 <DIR> d-------- C:\Programme\CCleaner
2008-08-02 12:45 . 2008-08-02 12:45 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-02 12:45 . 2008-08-02 12:45 <DIR> d-------- C:\Programme\GiPo@Utilities
2008-08-02 12:45 . 2008-08-02 12:45 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Gibinsoft Shared
2008-08-02 12:42 . 1997-01-16 23:24 532,240 -ra------ C:\WINDOWS\system32\MSEXCH35.DLL
2008-08-02 12:42 . 1996-11-08 09:48 368,912 -ra------ C:\WINDOWS\system32\VBAR332.DLL
2008-08-02 12:42 . 1996-12-03 00:44 290,816 -ra------ C:\WINDOWS\system32\MSXBSE35.DLL
2008-08-02 12:42 . 1996-12-31 19:19 254,976 -ra------ C:\WINDOWS\system32\MSEXCL35.DLL
2008-08-02 12:42 . 1996-12-03 00:44 253,952 -ra------ C:\WINDOWS\system32\MSPDOX35.DLL
2008-08-02 12:42 . 1997-08-21 18:44 229,376 --------- C:\WINDOWS\system32\rpza32.qtc
2008-08-02 12:42 . 1997-11-09 14:59 211,456 --------- C:\WINDOWS\system32\qd3d_ir2.q3x
2008-08-02 12:42 . 1996-12-31 19:19 169,984 -ra------ C:\WINDOWS\system32\MSLTUS35.DLL
2008-08-02 12:42 . 1996-12-03 00:44 166,912 -ra------ C:\WINDOWS\system32\MSTEXT35.DLL
2008-08-02 12:41 . 1997-07-30 21:21 553,984 --------- C:\WINDOWS\system32\rave.dll
2008-08-02 12:41 . 1997-11-09 15:00 412,160 --------- C:\WINDOWS\system32\scint78.dll
2008-08-02 12:41 . 1997-08-21 18:44 165,888 --------- C:\WINDOWS\system32\smc32.qtc
2008-08-02 12:41 . 1997-06-03 10:31 108,032 --------- C:\WINDOWS\system32\sh33w32.dll
2008-08-02 12:41 . 1997-08-21 18:44 83,456 --------- C:\WINDOWS\system32\iv32qt32.qtc
2008-08-02 12:41 . 1997-11-09 15:00 71,168 --------- C:\WINDOWS\system32\3dviewer.dll
2008-08-02 12:41 . 1997-08-21 18:44 35,840 --------- C:\WINDOWS\system32\navg32.qtc
2008-08-02 12:41 . 1997-08-21 18:44 32,768 --------- C:\WINDOWS\system32\cmgr32.dll
2008-08-02 12:41 . 1997-08-21 18:44 24,064 --------- C:\WINDOWS\system32\dci32.qtc
2008-08-02 12:41 . 1997-08-21 18:44 20,480 --------- C:\WINDOWS\system32\raw32.qtc
2008-08-02 12:40 . 1997-11-09 14:59 909,312 --------- C:\WINDOWS\system32\qd3d.dll
2008-08-02 12:40 . 1997-08-21 18:44 345,600 --------- C:\WINDOWS\system32\qtim32.dll
2008-08-02 12:40 . 1997-08-21 18:44 151,040 --------- C:\WINDOWS\system32\cvid32.qtc
2008-08-02 12:40 . 1997-08-21 18:44 128,000 --------- C:\WINDOWS\system32\mc32.qtc
2008-08-02 12:40 . 1997-11-20 17:53 102,912 --------- C:\WINDOWS\system32\verscpl.cpl
2008-08-02 12:40 . 1996-12-10 19:21 39,095 --------- C:\WINDOWS\iccsigs.dat
2008-08-02 12:40 . 1997-08-21 18:44 34,816 --------- C:\WINDOWS\system32\jpeg32.qtc
2008-08-02 12:39 . 2008-08-02 12:39 <DIR> d-------- C:\WINDOWS\Favorites
2008-08-02 12:39 . 1997-08-21 18:44 103,936 --------- C:\WINDOWS\system32\rle32.qtc
2008-08-02 12:39 . 1997-08-21 18:44 38,912 --------- C:\WINDOWS\system32\dhio32.qtc
2008-08-02 12:39 . 1997-11-18 16:24 32 --------- C:\WINDOWS\barcode.ini
2008-08-02 12:38 . 2008-08-02 12:42 <DIR> d-------- C:\WINDOWS\Corel
2008-08-02 12:36 . 1998-04-04 20:21 288,256 --a------ C:\WINDOWS\system32\Ltkrn90n.dll
2008-08-02 12:36 . 1998-04-04 20:22 146,432 --a------ C:\WINDOWS\system32\Ltefx90n.dll
2008-08-02 12:36 . 1998-04-04 20:22 142,336 --a------ C:\WINDOWS\system32\Ltdlg90n.dll
2008-08-02 12:36 . 1998-04-04 20:22 107,008 --a------ C:\WINDOWS\system32\Ltimg90n.dll
2008-08-02 12:36 . 1998-04-04 20:21 98,304 --a------ C:\WINDOWS\system32\Ltfil90n.dll
2008-08-02 12:36 . 1998-04-04 20:22 35,328 --a------ C:\WINDOWS\system32\Lttwn90n.dll
2008-08-02 12:34 . 2008-08-02 12:34 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\WINDOWS
2008-08-02 12:34 . 2002-04-25 10:45 269,312 --a------ C:\WINDOWS\uninst.exe
2008-08-02 12:31 . 2002-10-01 09:22 9,856 --------- C:\WINDOWS\system32\drivers\pfc.sys
2008-08-02 12:26 . 2008-08-02 12:26 <DIR> d-------- C:\Programme\Canon
2008-08-02 12:25 . 2008-08-02 12:25 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-08-02 12:19 . 2008-08-02 12:19 <DIR> d-------- C:\Programme\Gemeinsame Dateien\ScanSoft Shared
2008-08-02 12:19 . 2008-08-02 12:19 <DIR> d-------- C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\ScanSoft
2008-08-02 12:19 . 2008-08-02 12:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
2008-08-02 12:19 . 2008-08-02 12:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 09:37 --------- d-----w C:\Programme\cFosSpeed
2008-08-10 10:58 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-08-02 08:35 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-08-01 12:47 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-08-01 12:04 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-08-01 12:04 44,416 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-08-01 12:04 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-03 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-07-03 16:04 290,008 ----a-w C:\WINDOWS\system32\cfosspeed.dll
2008-06-26 11:06 93,128 ------w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2003-01-13 08:59 278,528 ------w C:\Programme\internet explorer\plugins\PanoViewer.dll
1999-04-30 14:00 98,304 ------w C:\Programme\internet explorer\plugins\UPjpeg.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe" [2003-10-08 17:35 139264]
"Creative Detector"="C:\Programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"IDMan"="e:\Programme\Internet Download Manager\IDMan.exe" [2008-08-11 16:55 2610608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"CTDVDDET"="C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00 45056]
"SBDrvDet"="C:\Programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"type32"="C:\Programme\Microsoft IntelliType Pro\type32.exe" [2003-05-16 01:45 114688]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2003-05-16 01:41 163840]
"cFosSpeed"="C:\Programme\cFosSpeed\cFosSpeed.exe" [2008-07-03 18:04 867544]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"F-Secure Manager"="C:\Programme\F-Secure\Common\FSM32.EXE" [2008-05-30 21:17 182936]
"F-Secure TNB"="C:\Programme\F-Secure\FSGUI\TNBUtil.exe" [2008-05-30 21:16 957024]
"Tweak UI 1.33 deutsch"="TWEAKUI.CPL" [2000-10-07 01:13 106544 C:\WINDOWS\system32\TWEAKUI.CPL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000
"NoSMHelp"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-08-31 18:38 140568 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-08-31 18:43 907040 C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-editiert-Tray]
--a------ 2006-09-28 21:21 57344 f:\Programme\-editiert-\-editiert-\-editiert-Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 07:52 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mount.exe]
--a------ 2003-05-24 02:09 315904 C:\Programme\GiPo@Utilities\GiPo@FileUtilities\mount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
--a------ 2002-06-03 11:38 49152 D:\Programme\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2006-03-10 17:15 1249280 C:\Programme\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-02 11:24 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-08-31 18:35 2622232 C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programme\\fotobuch.de AG\\Designer 2.0\\Designer.exe"=
"C:\\Programme\\IEPro\\MiniDM.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-05-30 21:15]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-08-01 14:04]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Programme\F-Secure\HIPS\drivers\fshs.sys [2008-05-30 21:16]
R2 NMSAccessU;NMSAccessU;f:\Programme\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34]
R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2006-08-11 15:56]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe [2007-08-31 19:49]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2008-04-14 07:53]
R3 AVMWAN;AVM NDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2003-02-27 02:00]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-05-30 21:14]
R3 FSORSPClient;F-Secure ORSP Client;C:\Programme\F-Secure\ORSP Client\fsorsp.exe [2008-05-30 21:17]
R3 FXPCBASE;AVM FRITZ!X PC v2.0/v3.0 (WinXP/2000);C:\WINDOWS\system32\DRIVERS\fxpcbase.sys [2003-02-27 02:00]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 01:09]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-02 14:14]
S4 F-Secure Filter;F-Secure File System Filter;C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-05-30 21:14]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-05-30 21:14]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2008-08-16 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-05-17 15:04]

2008-08-16 C:\WINDOWS\Tasks\Scheduled scanning task.job
- C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exe [2008-05-30 21:14]
.
.
------- Zusätzlicher Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://de.yahoo.com/
O8 -: Download aller Links mit IDM - E:\Programme\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV Video Inhalt mit IDM - E:\Programme\Internet Download Manager\IEGetVL.htm
O8 -: Download mit IDM - E:\Programme\Internet Download Manager\IEExt.htm
O8 -: Mit &Google suchen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 11:37:22
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure\Common\FSMA32.EXE
C:\Programme\F-Secure\Anti-Virus\fsgk32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\F-Secure\Common\FSMB32.EXE
C:\Programme\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\F-Secure\Common\FCH32.EXE
C:\Programme\F-Secure\Common\FAMEH32.EXE
C:\Programme\F-Secure\Anti-Virus\fsqh.exe
C:\Programme\F-Secure\FSGUI\fsguidll.exe
C:\Programme\F-Secure\Anti-Virus\fssm32.exe
C:\Programme\F-Secure\FSAUA\program\fsaua.exe
C:\Programme\F-Secure\FWES\program\fsdfwd.exe
E:\Programme\PopTray\PopTray.exe
C:\Programme\F-Secure\FSAUA\program\fsus.exe
C:\PROGRA~1\F-Secure\ANTI-V~1\fsav32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-08-16 11:38:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-08-16 09:38:51

Pre-Run: 10 Verzeichnis(se), 16,649,424,896 Bytes frei
Post-Run: 13 Verzeichnis(se), 16,605,233,152 Bytes frei

325 --- E O F --- 2008-08-06 19:57:00
Gast_Poulsen_*
Post 16.08.2008, 11:07
Post #5
Thread starter
Guests

QUOTE(raman @ 16.08.2008, 11:11)
It is not strictly necessary, but if you can, start Combofix.exe with the /Skipfix option.


Oops... unfortunately I did not do that. Is that a problem?
raman
Post 16.08.2008, 11:10
Post #6

AV specialist
Group: Staff
Posts: 2,935
Member since: 27.04.2003
Location: Nordhorn
Member no.: 59

No, it is just a small safety function. That is, it only checks and does not delete...

Apart from that I see nothing suspicious...


--------------------
Kind regards, Ralf
Gast_Poulsen_*
Post 16.08.2008, 11:34
Post #7
Thread starter
Guests

@raman
Thank you for your help.