Bitte um Auswertung von HiJackThis-Logfile

raai · 18.02.2008, 19:34

Hallo!
Ich habe seit Tagen für mich unerklärliche Störungen in der Netzwerkverbindung - rapide Traffic-Verschlechterung binnen Sekunden, bis zum minutenlangen Ausfällen und weiß nicht mehr weiter...

Ist Malware die Ursache?
Danke schon im Voraus für jede Hilfestellung.
Ralph

Hier ist mein Log-File:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:07:27, on 18.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iRiver\iHP100\iHPDetect.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Eigene Dateien\Software\IT-SICHERHEIT\hijackThis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.aldi.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iHP-100] C:\Programme\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4

\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4

\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %

windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=h**p://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O17 - HKLM\System\CCS\Services\Tcpip\..\{64DACF78-1E5E-43D2-9217-E1FAB6CDB79D}: NameServer =

10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DECA0C0-259F-49CD-8C4D-FC0362CD17D1}: NameServer =

10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{12C2253B-E643-4DEF-A711-3A9B8CD09E87}: NameServer =

10.0.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1

\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

- C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil

Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner -

C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home

Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home

Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard

Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame

Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32

\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner -

C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10

\Common\x10nets.exe

--
End of file - 8024 bytes

undoreal · 18.02.2008, 20:42

Halli hallo.

1) Deaktiviere die Systemwiederherstellung auf allen Laufwerken.

2) Deinstalliere Java über die Systemsteuerung.

3) Blacklight bitte laufen lassen und das log posten..

4) Lasse Silentrunners laufen und poste die logFiles..

5) Folge dieser Anleitung.

6) Run Combofix. Poste den erscheinenden Text.

7) Durchsuche mit Lavasoft und Spybot-S&D sowie deinem AV-Prog (alle drei mit aktuellen Signaturen!) dein System jeweils 2x. Erst im normalen und dann im abgesicherten Modus (F8 beim Hochfahren).

8) Räume mit cCleaner auf ( die Registry musst du mehrmals durchsuchen und bereinigen lassen).

9) Poste ein frisches HijackThis log sowie einen iClean Bericht (Prog in eigenem Ordner öffnen->"Yes"->File->Report).

10) Danach machst du einen eScan nach Anleitung in meiner Signatur und postest das log.

raai · 19.02.2008, 07:56

Danke für die Anleitung. Ich bin dran, mnuss jetzt aber zur Arbeit und kommt evtl erst Morgen wieder dazu, weiterzumachen.
Ich poste dann alle Log-Files auf einmal...
Gruß
Ralph

raai · 20.02.2008, 23:58

Hallo, hier sind die log-files in der Reihenfolge deiner Anleitung:

Blacklight:

Zitat:

02/19/08 06:40:23 [Info]: BlackLight Engine 1.0.67 initialized
02/19/08 06:40:23 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/19/08 06:40:23 [Note]: 7019 4
02/19/08 06:40:23 [Note]: 7005 0
02/19/08 06:40:31 [Note]: 7006 0
02/19/08 06:40:31 [Note]: 7011 1720
02/19/08 06:40:31 [Note]: 7026 0
02/19/08 06:40:31 [Note]: 7026 0
02/19/08 06:40:35 [Note]: FSRAW library version 1.7.1024
02/19/08 06:49:26 [Note]: 2000 1012
02/19/08 06:49:26 [Note]: 2000 1012
02/19/08 06:49:26 [Note]: 2000 1012
02/19/08 06:50:06 [Note]: 7007 0

Silentrunners:

Zitat:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [file not found]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"MedionVFD" = ""C:\Programme\Medion Info Display\MdionLCM.exe"" ["Dritek System Inc."]
"CHotkey" = "mHotkey.exe" [empty string]
"ledpointer" = "CNYHKey.exe" ["Chicony"]
"CmUCRRun" = "C:\WINDOWS\system32\CmUCReye.exe" [empty string]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"iHP-100" = "C:\Programme\iRiver\iHP100\iHPDetect.exe" ["Reigncom, Jonadan Jeon"]
"BigDogPath" = "C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)" ["Vimicro"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" [file not found]
"AntivirusRegistration" = "C:\Programme\CA\Etrust Antivirus\Register.exe" [file not found]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{10020E84-840F-474A-9B5C-B043F0EBFC65}" = "iRivEncShlExt extension"
-> {HKLM...CLSID} = "iRivEncShlExt Class"
\InProcServer32\(Default) = "C:\Programme\iRiver\iHP100\iRivEncrypt.dll" ["iRiver"]
"{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension"
-> {HKLM...CLSID} = "EzCddax Class"
\InProcServer32\(Default) = "C:\Programme\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zipn.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
EzCddax\(Default) = "{46E22146-59C0-4136-9233-52E412E2B428}"
-> {HKLM...CLSID} = "EzCddax Class"
\InProcServer32\(Default) = "C:\Programme\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]
iRivEncrypt\(Default) = "{10020E84-840F-474A-9B5C-B043F0EBFC65}"
-> {HKLM...CLSID} = "iRivEncShlExt Class"
\InProcServer32\(Default) = "C:\Programme\iRiver\iHP100\iRivEncrypt.dll" ["iRiver"]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zipn.dll" ["Igor Pavlov"]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zipn.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
iRivEncrypt\(Default) = "{10020E84-840F-474A-9B5C-B043F0EBFC65}"
-> {HKLM...CLSID} = "iRivEncShlExt Class"
\InProcServer32\(Default) = "C:\Programme\iRiver\iHP100\iRivEncrypt.dll" ["iRiver"]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Elfenvolk\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Enabled Scheduled Tasks:
------------------------

"HP Usg Login" -> launches: "C:\Programme\hp photosmart 11\printer\Hphusg04.exe /t" ["Hewlett-Packard"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 30
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Programme\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Programme\CyberLink\Shared Files\RichVideo.exe"" [empty string]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PDFCreator\Driver = "redmonnt.dll" [null data]

---------- (launch time: 2008-02-19 06:50:28)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 49 seconds, including 18 seconds for message boxes)

SmitFraudFix v2.290

Scan done at 6:52:30,01, 19.02.2008
Run from D:\Eigene Dateien\Software\IT-SICHERHEIT\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iRiver\iHP100\iHPDetect.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Elfenvolk

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Elfenvolk\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\ELFENV~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{64DACF78-1E5E-43D2-9217-E1FAB6CDB79D}: NameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9DECA0C0-259F-49CD-8C4D-FC0362CD17D1}: NameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{12C2253B-E643-4DEF-A711-3A9B8CD09E87}: NameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{64DACF78-1E5E-43D2-9217-E1FAB6CDB79D}: NameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9DECA0C0-259F-49CD-8C4D-FC0362CD17D1}: NameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{64DACF78-1E5E-43D2-9217-E1FAB6CDB79D}: NameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9DECA0C0-259F-49CD-8C4D-FC0362CD17D1}: NameServer=10.0.0.138

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

SmitfraudFix 2:
SmitFraudFix v2.290

Scan done at 6:59:47,51, 19.02.2008
Run from D:\Eigene Dateien\Software\IT-SICHERHEIT\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{64DACF78-1E5E-43D2-9217-E1FAB6CDB79D}: NameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9DECA0C0-259F-49CD-8C4D-FC0362CD17D1}: NameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{12C2253B-E643-4DEF-A711-3A9B8CD09E87}: NameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{64DACF78-1E5E-43D2-9217-E1FAB6CDB79D}: NameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9DECA0C0-259F-49CD-8C4D-FC0362CD17D1}: NameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{64DACF78-1E5E-43D2-9217-E1FAB6CDB79D}: NameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9DECA0C0-259F-49CD-8C4D-FC0362CD17D1}: NameServer=10.0.0.138

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

raai · 21.02.2008, 00:03

... und hier geht's weiter

Zitat:

ComboFix 08-02-18.1 - Elfenvolk 2008-02-19 7:07:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.208 [GMT 1:00]
ausgeführt von:: D:\Eigene Dateien\Software\IT-SICHERHEIT\ComboFix\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\inst.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-01-19 bis 2008-02-19 ))))))))))))))))))))))))))))))
.

2008-02-19 06:52 . 2008-02-19 06:59 3,744 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-06 06:51 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-06 06:51 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-06 06:51 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-06 06:51 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-06 06:51 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-06 06:51 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-06 06:51 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-06 06:51 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 12:40 --------- d-----w C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Skype
2008-02-15 23:49 --------- d-----w C:\Programme\No23 Recorder
2008-02-14 05:43 --------- d-----w C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\dvdcss
2008-02-13 17:33 --------- d-----w C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vso
2008-02-06 05:51 --------- d-----w C:\Programme\Alwil Software
2008-02-06 05:25 --------- d-----w C:\Dokumente und Einstellungen\Elfenvolk\Anwendungsdaten\Vso
2008-01-15 05:27 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-01-04 13:21 --------- d-----w C:\Programme\Easy CD-DA Extractor 8
2008-01-02 21:40 --------- d-----w C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2008-01-02 21:40 --------- d-----w C:\Programme\DVDVideoSoft
2008-01-02 21:00 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-01-02 21:00 --------- d-----w C:\Programme\ScanWizard 5
2007-12-07 02:04 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-09-17 16:49 47,360 ----a-w C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\pcouffin.sys
2007-05-06 10:47 111,680 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_06_12_40_03_small.dmp.zip
2007-05-06 10:47 102,187 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_06_12_40_02_small.dmp.zip
2006-02-24 13:24 10,582 ----a-w C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\wklnhst.dat
2006-02-24 00:12 2,874 ----a-w C:\Dokumente und Einstellungen\Elfenvolk\Anwendungsdaten\wklnhst.dat
2006-01-30 19:45 94,664 ----a-w C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2005-10-31 06:10 0 ----a-w C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\wklnhst.dat
2005-10-31 06:10 0 ----a-w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\wklnhst.dat
2006-01-01 18:19 56 --sh--r C:\WINDOWS\system32\53C35F68DE.sys
2005-10-09 10:25 8 --sh--r C:\WINDOWS\system32\A3DA537E26.sys
2006-01-01 18:19 10,956 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-22 23:21 7282688]
"nwiz"="nwiz.exe" [2005-09-22 23:21 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 23:21 86016 C:\WINDOWS\system32\nvmctray.dll]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"MedionVFD"="C:\Programme\Medion Info Display\MdionLCM.exe" [2005-10-11 17:11 126976]
"CHotkey"="mHotkey.exe" [2004-06-03 20:07 549376 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-21 21:28 5577216 C:\WINDOWS\CNYHKey.exe]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2005-10-12 13:44 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 20:33 188416]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-10-09 10:25 180269]
"iHP-100"="C:\Programme\iRiver\iHP100\iHPDetect.exe" [2003-09-30 16:16 28672]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2005-02-28 16:53 53248]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-10-21 20:18 155648]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"AntivirusRegistration"="C:\Programme\CA\Etrust Antivirus\Register.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 15:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Scanner Finder.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Scanner Finder.lnk
backup=C:\WINDOWS\pss\Scanner Finder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-04 02:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
--a------ 2002-11-22 20:33 348160 C:\WINDOWS\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
--a------ 2002-11-22 20:50 49152 C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantOn]
C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-10-28 20:53 139264 C:\Programme\Home Cinema\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-21 20:18 155648 C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe

R0 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2002-12-17 10:36]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-17 14:52]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2005-10-04 17:37]
S2 DCamUSB20;TRUST USB2 AUDIO VIDEO EDITOR;C:\WINDOWS\system32\Drivers\CsMini20.sys [2003-03-19 11:07]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-09-29 04:39]
S3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2002-12-09 10:21]

.
Inhalt des "geplante Tasks" Ordners
"2008-02-19 06:05:49 C:\WINDOWS\Tasks\HP Usg Login.job"
- C:\Programme\hp photosmart 11\printer\Hphusg04.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 07:10:37
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-02-19 7:11:08
ComboFix-quarantined-files.txt 2008-02-19 06:11:06
.
2008-02-13 13:18:14 --- E O F ---

und das frische von HijackThis:

Zitat:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:32:41, on 20.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iRiver\iHP100\iHPDetect.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Eigene Dateien\Software\IT-SICHERHEIT\hijackThis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.aldi.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iHP-100] C:\Programme\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2694876712-920901473-2629077550-1006\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background (User 'Admin')
O4 - HKUS\S-1-5-21-2694876712-920901473-2629077550-1006\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background (User 'Admin')
O4 - HKUS\S-1-5-21-2694876712-920901473-2629077550-1006\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (User 'Admin')
O4 - HKUS\S-1-5-21-2694876712-920901473-2629077550-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Admin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=h**p://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O17 - HKLM\System\CCS\Services\Tcpip\..\{64DACF78-1E5E-43D2-9217-E1FAB6CDB79D}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DECA0C0-259F-49CD-8C4D-FC0362CD17D1}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{12C2253B-E643-4DEF-A711-3A9B8CD09E87}: NameServer = 10.0.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8459 bytes

raai · 21.02.2008, 00:33

Das iClean-Log-File hat zuviele Zeichen - hier Ausschnitte - die Einträge bei 032 und 033 redirected sind endlos.:

Zitat:

iclean log 20.02.2008 23:35:00

Windows XP SP2, Using advanced Kernel functions

Processes
---------
404 - \SystemRoot\System32\smss.exe - \SystemRoot\System32\smss.exe
464 - \??\C:\WINDOWS\system32\csrss.exe - \??\C:\WINDOWS\system32\csrss.exe
488 - \??\C:\WINDOWS\system32\winlogon.exe - \??\C:\WINDOWS\system32\winlogon.exe
532 - C:\WINDOWS\system32\services.exe - Anwendung für Dienste und Controller
544 - C:\WINDOWS\system32\lsass.exe - LSA Shell (Export Version)
692 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
808 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
848 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
896 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
956 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1008 - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe - Ad-Aware 2007 Service (Signed)
1028 - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe - avast! Antivirus updating service (Signed)
1088 - C:\Programme\Alwil Software\Avast4\ashServ.exe - avast! antivirus service (Signed)
1296 - C:\WINDOWS\system32\spoolsv.exe - Spooler SubSystem App
1408 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1420 - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe - CLCapSvc Module
1448 - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe - NT CLMLServer
1496 - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
1568 - C:\WINDOWS\system32\nvsvc32.exe - NVIDIA Driver Helper Service, Version 81.82
1608 - C:\Programme\CyberLink\Shared Files\RichVideo.exe - RichVideo Module
1648 - C:\WINDOWS\system32\svchost.exe - Generic Host Process for Win32 Services
1768 - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe - CLSched Module
996 - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe - avast! e-Mail Scanner Service (Signed)
1120 - C:\Programme\Alwil Software\Avast4\ashWebSv.exe - avast! Web Scanner (Signed)
2040 - C:\WINDOWS\System32\alg.exe - Application Layer Gateway Service
2488 - C:\WINDOWS\system32\wbem\wmiprvse.exe - WMI
2192 - C:\WINDOWS\Explorer.EXE - Windows Explorer
3104 - C:\Programme\Medion Info Display\MdionLCM.exe - LCM Controller for Medion
3124 - C:\WINDOWS\mHotkey.exe - Multimedia Keyboard Driver
3564 - C:\WINDOWS\CNYHKey.exe - Chicony Multimedia Driver
424 - C:\WINDOWS\system32\CmUCReye.exe - CmCardMonitor MFC Application
1708 - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
2424 - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe - RealNetworks Scheduler
3368 - C:\Programme\iRiver\iHP100\iHPDetect.exe - iHP-100 Drive Letter Search App.
3372 - C:\WINDOWS\VM_STI.EXE - Vimicro
2436 - C:\WINDOWS\RTHDCPL.EXE - Realtek HD Audio Control Panel
640 - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - avast! service GUI component (Signed)
2792 - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe - System settings protector (Signed)
2496 - C:\WINDOWS\system32\ctfmon.exe - CTF Loader
628 - C:\Programme\Messenger\msmsgs.exe - Windows Messenger
2520 - D:\Eigene Dateien\Software\IT-SICHERHEIT\iClean\iclean.exe - Interactive Cleaner

Services
--------
c:\programme\lavasoft\ad-aware 2007\aawservice.exe=aawservice
C:\WINDOWS\system32\alg.exe=ALG
c:\programme\alwil software\avast4\aswupdsv.exe=aswUpdSv
C:\WINDOWS\system32\svchost.exe=AudioSrv
c:\programme\alwil software\avast4\ashserv.exe=avast! Antivirus
c:\programme\alwil software\avast4\ashmaisv.exe=avast! Mail Scanner
c:\programme\alwil software\avast4\ashwebsv.exe=avast! Web Scanner
C:\WINDOWS\system32\svchost.exe=BITS
C:\WINDOWS\system32\svchost.exe=Browser
C:\WINDOWS\system32\svchost.exe=BthServ
c:\programme\home cinema\powercinema\kernel\tv\clcapsvc.exe=CLCapSvc
c:\programme\home cinema\powercinema\kernel\tv\clsched.exe=CLSched
C:\WINDOWS\system32\svchost.exe=CryptSvc
c:\programme\home cinema\powercinema\kernel\clml_ntservice\clmlserver.exe=CyberLink Media Library Service
C:\WINDOWS\system32\svchost.exe=DcomLaunch
C:\WINDOWS\system32\svchost.exe=Dhcp
C:\WINDOWS\system32\svchost.exe=Dnscache
C:\WINDOWS\system32\svchost.exe=ERSvc
C:\WINDOWS\system32\services.exe=Eventlog
c:\windows\system32\svchost.exe=EventSystem
C:\WINDOWS\system32\svchost.exe=FastUserSwitchingCompatibility
C:\WINDOWS\system32\svchost.exe=helpsvc
C:\WINDOWS\system32\svchost.exe=HidServ
C:\WINDOWS\system32\svchost.exe=lanmanserver
C:\WINDOWS\system32\svchost.exe=lanmanworkstation
c:\programme\gemeinsame dateien\lightscribe\lssrvc.exe=LightScribeService
C:\WINDOWS\system32\svchost.exe=LmHosts
C:\WINDOWS\system32\svchost.exe=Netman
C:\WINDOWS\system32\svchost.exe=Nla
C:\WINDOWS\system32\nvsvc32.exe=NVSvc
C:\WINDOWS\system32\services.exe=PlugPlay
C:\WINDOWS\system32\lsass.exe=PolicyAgent
C:\WINDOWS\system32\lsass.exe=ProtectedStorage
C:\WINDOWS\system32\svchost.exe=RasMan
c:\programme\cyberlink\shared files\richvideo.exe=RichVideo
C:\WINDOWS\system32\svchost.exe=RpcSs
C:\WINDOWS\system32\lsass.exe=SamSs
C:\WINDOWS\system32\svchost.exe=Schedule
C:\WINDOWS\system32\svchost.exe=seclogon
C:\WINDOWS\system32\svchost.exe=SENS
C:\WINDOWS\system32\svchost.exe=SharedAccess
C:\WINDOWS\system32\svchost.exe=ShellHWDetection
C:\WINDOWS\system32\spoolsv.exe=Spooler
C:\WINDOWS\system32\svchost.exe=srservice
C:\WINDOWS\system32\svchost.exe=SSDPSRV
C:\WINDOWS\system32\svchost.exe=stisvc
C:\WINDOWS\system32\svchost.exe=TapiSrv
C:\WINDOWS\system32\svchost.exe=TermService
C:\WINDOWS\system32\svchost.exe=Themes
C:\WINDOWS\system32\svchost.exe=TrkWks
C:\WINDOWS\system32\svchost.exe=W32Time
C:\WINDOWS\system32\svchost.exe=WebClient
C:\WINDOWS\system32\svchost.exe=winmgmt
C:\WINDOWS\system32\svchost.exe=wscsvc
C:\WINDOWS\system32\svchost.exe=wuauserv
C:\WINDOWS\system32\svchost.exe=WZCSVC

Registry
--------
000=HKCU\Run: ctfmon.exe=c:\windows\system32\ctfmon.exe
000=HKCU\Run: MSMSGS="c:\programme\messenger\msmsgs.exe" /background
000=HKCU\Run: SpybotSD TeaTimer=c:\programme\spybot - search & destroy\teatimer.exe
000=HKLM\Run: avast!=c:\progra~1\alwils~1\avast4\ashdisp.exe
000=HKLM\Run: BigDogPath=c:\windows\vm_sti.exe vimicro usb pc camera (zc0301pl)
000=HKLM\Run: CHotkey=c:\windows\mhotkey.exe
000=HKLM\Run: CmUCRRun=c:\windows\system32\cmucreye.exe
000=HKLM\Run: HPDJ Taskbar Utility=c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
000=HKLM\Run: iHP-100=c:\programme\iriver\ihp100\ihpdetect.exe
000=HKLM\Run: IMJPMIG8.1="c:\windows\ime\imjp8_1\imjpmig.exe" /spoil /remadvdef /migration32
000=HKLM\Run: ledpointer=c:\windows\cnyhkey.exe
000=HKLM\Run: MedionVFD="c:\programme\medion info display\mdionlcm.exe"
000=HKLM\Run: MSPY2002=c:\windows\system32\ime\pintlgnt\imscinst.exe
000=HKLM\Run: NeroFilterCheck=c:\windows\system32\nerocheck.exe
000=HKLM\Run: NvCplDaemon=c:\windows\system32\nvcpl.dll
000=HKLM\Run: NvMediaCenter=c:\windows\system32\rundll32.exe
000=HKLM\Run: nwiz=c:\windows\system32\nwiz.exe
000=HKLM\Run: PHIME2002A=c:\windows\system32\ime\tintlgnt\tintsetp.exe /imename
000=HKLM\Run: PHIME2002ASync=c:\windows\system32\ime\tintlgnt\tintsetp.exe /sync
000=HKLM\Run: QuickTime Task="c:\programme\quicktime\qttask.exe" -atboottime
000=HKLM\Run: RTHDCPL=c:\windows\rthdcpl.exe
000=HKLM\Run: TkBellExe="c:\programme\gemeinsame dateien\real\update_ob\realsched.exe" -osboot
001=Firewall bypass: C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe=c:\programme\ahead\nero mediahome\neromediahome.exe
001=Firewall bypass: C:\Programme\Home Cinema\PowerCinema\PCMService.exe=c:\programme\home cinema\powercinema\pcmservice.exe
001=Firewall bypass: C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe=c:\programme\home cinema\powercinema\powercinema.exe
001=Firewall bypass: C:\Programme\iTunes\iTunes.exe=c:\programme\itunes\itunes.exe
001=Firewall bypass: C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe=c:\programme\macromedia\dreamweaver mx 2004\dreamweaver.exe
001=Firewall bypass: C:\Programme\Messenger\msmsgs.exe=c:\programme\messenger\msmsgs.exe
001=Firewall bypass: C:\Programme\Mozilla Firefox\firefox.exe=c:\programme\mozilla firefox\firefox.exe
001=Firewall bypass: C:\Programme\MSN Messenger\msnmsgr.exe=c:\programme\msn messenger\msnmsgr.exe
001=Firewall bypass: C:\Programme\NetMeeting\Conf.exe=c:\programme\netmeeting\conf.exe
001=Firewall bypass: C:\Programme\Real\RealPlayer\realplay.exe=c:\programme\real\realplayer\realplay.exe
001=Firewall bypass: C:\Programme\Skype\Phone\Skype.exe=c:\programme\skype\phone\skype.exe
001=Firewall bypass: C:\WINDOWS\system32\fxsclnt.exe=c:\windows\system32\fxsclnt.exe
001=Firewall bypass: C:\WINDOWS\system32\sessmgr.exe=c:\windows\system32\sessmgr.exe
001=Firewall bypass: D:\Eigene Dateien\Software\Internet\WS_FTP\WS_FTP95.exe=d:\eigene dateien\software\internet\ws_ftp\ws_ftp95.exe
001=Firewall bypass: D:\Eigene Dateien\Software\Musik & Audio\No23 - recorder, live, player\No23Live.exe=
001=Firewall bypass: H:\PortableSkype\Phone\Skype.exe=h:\portableskype\phone\skype.exe
001=Firewall bypass: H:\PortableSystem\PortableSkype\Phone\Skype.exe=h:\portablesystem\portableskype\phone\skype.exe
020=SSODL: CDBurn=C:\WINDOWS\system32\shell32.dll
020=SSODL: PostBootReminder=C:\WINDOWS\system32\shell32.dll
020=SSODL: SysTray=c:\windows\system32\stobject.dll
020=SSODL: WebCheck=c:\windows\system32\webcheck.dll
020=SSODL: WPDShServiceObj=c:\windows\system32\wpdshserviceobj.dll
030=BHO: {53707962-6F74-2D53-2644-206D7942484F}=c:\progra~1\spybot~1\sdhelper.dll (Spybot-S&D IE Protection)
031=Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}=C:\WINDOWS\system32\browseui.dll
031=Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}=C:\WINDOWS\system32\shell32.dll
031=Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}=(null)
032=RestrictedZOne: *.008i.com
032=RestrictedZOne: *.010402.com
032=RestrictedZOne: *.17-plus.com
032=RestrictedZOne: *.171203.com
032=RestrictedZOne: *.20x2p.com
032=RestrictedZOne: *.2ndpower.com
032=RestrictedZOne: *.3721.com
032=RestrictedZOne: *.39-93.com
032=RestrictedZOne: *.4klm.com
032=RestrictedZOne: *.75tz.com
032=RestrictedZOne: *.aaasexypics.com
032=RestrictedZOne: *.aavc.com
032=RestrictedZOne: *.acjp.com
032=RestrictedZOne: *.ad25.com
032=RestrictedZOne: *.ad45.com
032=RestrictedZOne: *.ad77.com
032=RestrictedZOne: *.ad86.com
032=RestrictedZOne: *.adobe-download-now.com
032=RestrictedZOne: *.adult-personal.us
032=RestrictedZOne: *.adultgambling.org
032=RestrictedZOne: *.adultsgames.net
032=RestrictedZOne: *.africaspromise.org
032=RestrictedZOne: *.agava.com
032=RestrictedZOne: *.agava.ru
032=RestrictedZOne: *.agentstudio.com
032=RestrictedZOne: *.akril.com
032=RestrictedZOne: *.alcatel.ws
032=RestrictedZOne: *.alfa-search.com
032=RestrictedZOne: *.all-inet.com
032=RestrictedZOne: *.allabtcars.com
032=RestrictedZOne: *.allabtjeeps.com

...

Zitat:

033=RestrictedZone: www.zonealarm-download-now.com
033=RestrictedZone: www.zonealarm-stop.com
033=RestrictedZone: www.zpwebsource.com
033=RestrictedZone: www.zqavanjpn.biz
033=RestrictedZone: www.zsupereva.it
033=RestrictedZone: www.zsvcompany.com
033=RestrictedZone: www.zurrusco.com
033=RestrictedZone: www.zxcsolution.com
033=RestrictedZone: www.zxlinks.com

Startup Folders
---------------
Common: desktop.ini
Personal: desktop.ini

HOSTS
-----
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
# für Windows 2000 verwendet wird.
#
# Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
# Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
# Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
# Hostnamen stehen.
# Die IP-Adresse und der Hostname müssen durch mindestens ein
# Leerzeichen getrennt sein.
#
# Zusätzliche Kommentare (so wie in dieser Datei) können in
# einzelnen Zeilen oder hinter dem Computernamen eingefügt werden,
# aber müssen mit dem Zeichen '#' eingegeben werden.
#
# Zum Beispiel:
#
# 102.54.94.97 rhino.acme.com # Quellserver
# 38.25.63.10 x.acme.com # x-Clienthost

127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

...

undoreal · 21.02.2008, 00:47

Sehr gut. Hast du den eScan schon gemacht?

Deaktivieere bitte den Spybot Tea-Timer Resident.

Dateien Online überprüfen lassen:

* Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
(lass auch die versteckten Dateien anzeigen!)

Zitat:

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\aswBoot.exe

C:\WINDOWS\system32\drivers\aswmon.sys

C:\WINDOWS\system32\drivers\aswTdi.sys

C:\WINDOWS\system32\drivers\aavmker4.sys

C:\WINDOWS\system32\drivers\aswRdr.sys

C:\WINDOWS\system32\A3DA537E26.sys

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
* Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
(Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)

raai · 23.02.2008, 01:35

Hallo, e-scan hab ich gemacht, nur erscheint bei mir nach dem start von find.bat nicht viel text außer:
[XXXX___________________]
Copying mwav.log ...

dann scheint der Computer irgendwie zu hängen...
Tea-Timer hab ich auch abgeschaltet, und
hier sind die Ergebnisse der Scans mit VirusTotal:

C:\WINDOWS\system32\tmp.reg
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.2.22.0 2008.02.21 -
AntiVir 7.6.0.67 2008.02.21 -
Authentium 4.93.8 2008.02.21 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.21 -
BitDefender 7.2 2008.02.21 -
CAT-QuickHeal 9.50 2008.02.21 -
ClamAV 0.92.1 2008.02.21 -
DrWeb 4.44.0.09170 2008.02.21 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5552 2008.02.21 -
Ewido 4.0 2008.02.21 -
FileAdvisor 1 2008.02.21 -
Fortinet 3.14.0.0 2008.02.21 -
F-Prot 4.4.2.54 2008.02.20 -
F-Secure 6.70.13260.0 2008.02.21 -
Ikarus T3.1.1.20 2008.02.21 -
Kaspersky 7.0.0.125 2008.02.21 -
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.21 -
NOD32v2 2894 2008.02.21 -
Norman 5.80.02 2008.02.21 -
Panda 9.0.0.4 2008.02.21 -
Prevx1 V2 2008.02.21 -
Rising 20.32.32.00 2008.02.21 -
Sophos 4.26.0 2008.02.21 -
Sunbelt 3.0.884.0 2008.02.21 -
Symantec 10 2008.02.21 -
TheHacker 6.2.9.225 2008.02.21 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.21 -
Webwasher-Gateway 6.6.2 2008.02.21 -
weitere Informationen
File size: 3744 bytes
MD5: d58586b9998208988ed85aecbb214f31
SHA1: 6c79f5ec78ecdd0522fa01b34938d8830bc4e283
PEiD: -
packers: Unicode
packers: Unicode

C:\WINDOWS\system32\aswBoot.exe
AhnLab-V3 2008.2.22.0 2008.02.21 -
AntiVir 7.6.0.67 2008.02.21 -
Authentium 4.93.8 2008.02.21 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.21 -
BitDefender 7.2 2008.02.21 -
CAT-QuickHeal 9.50 2008.02.21 -
ClamAV 0.92.1 2008.02.21 -
DrWeb 4.44.0.09170 2008.02.21 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5552 2008.02.21 -
Ewido 4.0 2008.02.21 -
FileAdvisor 1 2008.02.21 -
Fortinet 3.14.0.0 2008.02.21 -
F-Prot 4.4.2.54 2008.02.20 -
F-Secure 6.70.13260.0 2008.02.21 -
Ikarus T3.1.1.20 2008.02.21 -
Kaspersky 7.0.0.125 2008.02.21 -
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.21 -
NOD32v2 2894 2008.02.21 -
Norman 5.80.02 2008.02.21 -
Panda 9.0.0.4 2008.02.21 -
Prevx1 V2 2008.02.21 -
Rising 20.32.32.00 2008.02.21 -
Sophos 4.26.0 2008.02.21 -
Sunbelt 3.0.884.0 2008.02.21 -
Symantec 10 2008.02.21 -
TheHacker 6.2.9.225 2008.02.21 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.21 -
Webwasher-Gateway 6.6.2 2008.02.21 -
weitere Informationen
File size: 837496 bytes
MD5: 53b993e3393e59066a1a1971a7328f0a
SHA1: ef9a16a01f623c12e29f8bc47e069c8aa5fd9c9e
PEiD: -

C:\WINDOWS\system32\drivers\aswmon.sys
AhnLab-V3 2008.2.22.0 2008.02.21 -
AntiVir 7.6.0.67 2008.02.21 -
Authentium 4.93.8 2008.02.21 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.21 -
BitDefender 7.2 2008.02.21 -
CAT-QuickHeal 9.50 2008.02.21 -
ClamAV 0.92.1 2008.02.21 -
DrWeb 4.44.0.09170 2008.02.21 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5552 2008.02.21 -
Ewido 4.0 2008.02.21 -
FileAdvisor 1 2008.02.21 -
Fortinet 3.14.0.0 2008.02.21 -
F-Prot 4.4.2.54 2008.02.20 -
F-Secure 6.70.13260.0 2008.02.21 -
Ikarus T3.1.1.20 2008.02.21 -
Kaspersky 7.0.0.125 2008.02.21 -
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.21 -
NOD32v2 2894 2008.02.21 -
Norman 5.80.02 2008.02.21 -
Panda 9.0.0.4 2008.02.21 -
Rising 20.32.32.00 2008.02.21 -
Sophos 4.26.0 2008.02.21 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.21 -
TheHacker 6.2.9.225 2008.02.21 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.21 -
Webwasher-Gateway 6.6.2 2008.02.21 -
weitere Informationen
File size: 93264 bytes
MD5: e4bd93cbf5fe2a30435e9a5ccfe601fb
SHA1: 9cca175cbaa6a2ab2c50a0f47d9812ddb527d5be
PEiD: -

C:\WINDOWS\system32\drivers\aswTdi.sys
AhnLab-V3 2008.2.22.0 2008.02.21 -
AntiVir 7.6.0.67 2008.02.21 -
Authentium 4.93.8 2008.02.21 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.21 -
BitDefender 7.2 2008.02.22 -
CAT-QuickHeal 9.50 2008.02.21 -
ClamAV 0.92.1 2008.02.21 -
DrWeb 4.44.0.09170 2008.02.21 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5552 2008.02.21 -
Ewido 4.0 2008.02.21 -
FileAdvisor 1 2008.02.22 -
Fortinet 3.14.0.0 2008.02.21 -
F-Prot 4.4.2.54 2008.02.20 -
F-Secure 6.70.13260.0 2008.02.21 -
Ikarus T3.1.1.20 2008.02.21 -
Kaspersky 7.0.0.125 2008.02.21 -
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.21 -
NOD32v2 2894 2008.02.21 -
Norman 5.80.02 2008.02.21 -
Panda 9.0.0.4 2008.02.21 -
Prevx1 V2 2008.02.22 -
Rising 20.32.32.00 2008.02.21 -
Sophos 4.26.0 2008.02.21 -
Sunbelt 3.0.884.0 2008.02.21 -
Symantec 10 2008.02.21 -
TheHacker 6.2.9.225 2008.02.21 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.21 -
Webwasher-Gateway 6.6.2 2008.02.21 -
weitere Informationen
File size: 42912 bytes
MD5: e8a2678eab78c2060d5eb26803667dc2
SHA1: f4634046f24a137a9f111e09c0238a86e9fa2cb3
PEiD: -

C:\WINDOWS\system32\drivers\aavmker4.sys
AhnLab-V3 2008.2.22.0 2008.02.21 -
AntiVir 7.6.0.67 2008.02.21 -
Authentium 4.93.8 2008.02.21 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.21 -
BitDefender 7.2 2008.02.22 -
CAT-QuickHeal 9.50 2008.02.21 -
ClamAV 0.92.1 2008.02.21 -
DrWeb 4.44.0.09170 2008.02.21 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5552 2008.02.21 -
Ewido 4.0 2008.02.21 -
FileAdvisor 1 2008.02.22 -
Fortinet 3.14.0.0 2008.02.21 -
F-Prot 4.4.2.54 2008.02.20 -
F-Secure 6.70.13260.0 2008.02.21 -
Ikarus T3.1.1.20 2008.02.21 -
Kaspersky 7.0.0.125 2008.02.21 -
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.21 -
NOD32v2 2894 2008.02.21 -
Norman 5.80.02 2008.02.21 -
Panda 9.0.0.4 2008.02.21 -
Prevx1 V2 2008.02.22 -
Rising 20.32.32.00 2008.02.21 -
Sophos 4.26.0 2008.02.21 -
Sunbelt 3.0.884.0 2008.02.21 -
Symantec 10 2008.02.21 -
TheHacker 6.2.9.225 2008.02.21 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.21 -
Webwasher-Gateway 6.6.2 2008.02.21 -
weitere Informationen
File size: 26624 bytes
MD5: d301f57713a0f6f8a3295ae6ebb69617
SHA1: a8cdb60e35596b27619cc282f11836a5d4dbeff9
PEiD: -

C:\WINDOWS\system32\drivers\aswRdr.sys
AhnLab-V3 2008.2.22.0 2008.02.21 -
AntiVir 7.6.0.67 2008.02.21 -
Authentium 4.93.8 2008.02.21 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.21 -
BitDefender 7.2 2008.02.22 -
CAT-QuickHeal 9.50 2008.02.21 -
ClamAV 0.92.1 2008.02.21 -
DrWeb 4.44.0.09170 2008.02.21 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5552 2008.02.21 -
Ewido 4.0 2008.02.21 -
FileAdvisor 1 2008.02.22 -
Fortinet 3.14.0.0 2008.02.21 -
F-Prot 4.4.2.54 2008.02.20 -
F-Secure 6.70.13260.0 2008.02.21 -
Ikarus T3.1.1.20 2008.02.21 -
Kaspersky 7.0.0.125 2008.02.21 -
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.21 -
NOD32v2 2894 2008.02.21 -
Norman 5.80.02 2008.02.21 -
Panda 9.0.0.4 2008.02.21 -
Prevx1 V2 2008.02.22 -
Rising 20.32.32.00 2008.02.21 -
Sophos 4.26.0 2008.02.21 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.21 -
TheHacker 6.2.9.225 2008.02.21 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.21 -
Webwasher-Gateway 6.6.2 2008.02.21 -
weitere Informationen
File size: 23152 bytes
MD5: 7bab4923cabb4404bf05fd111e75e49b
SHA1: 6b73149fc9af3eb7130041c60c4a1b6871791592
PEiD: -

C:\WINDOWS\system32\A3DA537E26.sys
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 -
Authentium 4.93.8 2008.02.22 -
Avast 4.7.1098.0 2008.02.22 -
AVG 7.5.0.516 2008.02.22 -
BitDefender 7.2 2008.02.23 -
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.22 -
DrWeb 4.44.0.09170 2008.02.22 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5557 2008.02.23 -
Ewido 4.0 2008.02.22 -
FileAdvisor 1 2008.02.23 -
Fortinet 3.14.0.0 2008.02.22 -
F-Prot 4.4.2.54 2008.02.22 -
F-Secure 6.70.13260.0 2008.02.22 -
Ikarus T3.1.1.20 2008.02.22 -
Kaspersky 7.0.0.125 2008.02.23 -
McAfee 5236 2008.02.22 -
Microsoft 1.3204 2008.02.23 -
NOD32v2 2897 2008.02.22 -
Norman 5.80.02 2008.02.22 -
Panda 9.0.0.4 2008.02.22 -
Prevx1 V2 2008.02.23 -
Rising 20.32.42.00 2008.02.22 -
Sophos 4.26.0 2008.02.23 -
Sunbelt 3.0.890.0 2008.02.22 -
Symantec 10 2008.02.23 -
TheHacker 6.2.9.227 2008.02.22 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.22 -
Webwasher-Gateway 6.6.2 2008.02.22 -
weitere Informationen
File size: 8 bytes
MD5: ba898b29f0dbf9307f494475a8393f03
SHA1: 697fd89eba4c1d12a53190666508b9aa503bf7e9
PEiD: -

undoreal · 23.02.2008, 09:12

Hallo Ralph.

Deine logs sehen für mich absolut sauber aus. Hat eScan denn etwas weltbewegendes gefunden?

Ansonsten denke ich musst du dich an deinen Provider wenden. Dein Rechner ist jedenfalls sauber.

raai · 23.02.2008, 14:39

Ah, o.k.,

eScan hat bis auf ein paar kritische Objekte nichts gefunden. Ich hab eben das log nicht gespeichert, weil ich der Anleitung nach gleich geschlossen habe um dann find.bat zustarten.

Danke fürs Anschauen und die Tipps. Ich bin froh, dass der Computer sauber ist.
Dann muss der hier im Netzwerk liegen, vielleicht weil wir hier 2 Repeater haben...
Liebe Grüße
Ralph

Bitte um Auswertung von HiJackThis-Logfile

Log-Analyse und Auswertung: Bitte um Auswertung von HiJackThis-Logfile