Log analysis and evaluation: Internet - some pages don't work or only work poorly

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Web pages are very slow, Amazon + studiVZ don't work, some search pages don't work or only work very poorly.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:46:27, on 17.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {E9D8AA80-4923-4D7C-BBC6-480BF4DA19AE} - C:\WINDOWS\system32\cbXPjIcd.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SetIcon] \Programme\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [147d7fed] rundll32.exe "C:\WINDOWS\system32\glmrkrhd.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BM174e4c71] Rundll32.exe "C:\WINDOWS\system32\fxfbjoxo.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 6589 bytes
#2
MalwareDB
Your system is infected again. Did you download something in the meantime? After the last cleanup the problems had disappeared, hadn't they?

ComboFix
Important notes:
In addition, read through this guide and print it out if necessary: A guide and tutorial on using ComboFix
#3
Gone.
Man, thanks again - yeah, I probably caught something through a shady download - I'll be more careful now.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:09:12, on 17.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SetIcon] \Programme\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 6291 bytes
#4
MalwareDB
Please post the ComboFix log file.
__________________
If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targeted attacks, and the days of mass-market malware will be over[...]. Stuart Udall
#5
Code:
ComboFix 08-06-16.2 - SN 2008-06-17 3:00:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1579 [GMT 2:00]
Running from: C:\Documents and Settings\SN\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM174e4c71.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXPjIcd.dll
C:\WINDOWS\system32\dcIjPXbc.ini
C:\WINDOWS\system32\dcIjPXbc.ini2
C:\WINDOWS\system32\dhrkrmlg.ini
C:\WINDOWS\system32\fxfbjoxo.dll
C:\WINDOWS\system32\glmrkrhd.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.
2008-06-16 16:00 . 2008-06-16 16:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-16 15:59 . 2008-06-16 15:59 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-16 15:59 . 2008-06-16 15:59 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-16 15:59 . 2008-06-16 15:59 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-16 15:59 . 2008-06-16 15:59 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-16 15:58 . 2008-06-16 15:59 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-15 16:49 . 2008-06-16 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-14 16:43 . 2008-06-14 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-14 15:11 . 2008-06-14 15:12 <DIR> d-------- C:\Program Files\regsrch
2008-06-14 12:38 . 2008-06-14 12:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-14 12:18 . 2008-06-16 15:59 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-14 11:01 . 2008-06-15 16:51 <DIR> d-------- C:\programm_download
2008-06-13 18:23 . 2008-06-13 18:23 <DIR> d-------- C:\Program Files\AVG
2008-06-12 11:09 . 2008-06-13 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-11 14:51 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-06-11 14:30 . 2008-06-11 14:30 <DIR> d-------- C:\Program Files\Nero
2008-06-11 13:52 . 2008-06-11 13:52 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Apple Computer
2008-06-11 13:10 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-11 13:05 . 2008-06-11 13:05 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-11 13:04 . 2008-06-11 13:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-11 13:04 . 2008-06-11 13:04 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-11 12:26 . 2008-06-15 13:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 12:26 . 2008-06-11 12:26 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-11 11:57 . 2008-06-11 14:31 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-11 11:39 . 2008-06-11 11:39 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Ahead
2008-06-09 14:04 . 2008-06-09 14:04 <DIR> d-------- C:\Program Files\IrfanView
2008-06-07 19:13 . 2008-06-07 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-07 16:03 . 2008-06-07 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-07 12:10 . 2008-06-07 12:10 <DIR> d-------- C:\WINDOWS\Ulead.dat
2008-06-07 12:10 . 2008-06-16 00:59 89 --a------ C:\WINDOWS\ULead32.ini
2008-06-07 12:09 . 2008-06-11 15:06 554 --a------ C:\WINDOWS\VFO.VST
2008-06-07 12:09 . 2008-06-07 12:09 51 --a------ C:\WINDOWS\system32\blue.SITENAME
2008-06-06 14:25 . 2008-06-06 14:25 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Canon
2008-06-04 16:09 . 2008-06-16 15:18 <DIR> d-------- C:\Documents and Settings\SN\Application Data\DVD Profiler
2008-06-04 16:04 . 2008-06-16 15:18 <DIR> d-------- C:\Program Files\DVD Profiler
2008-06-04 14:41 . 2008-06-11 13:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 14:41 . 2008-06-04 14:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-03 18:36 . 2008-06-03 18:36 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-03 18:36 . 2008-06-03 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-03 18:36 . 2008-06-03 18:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-03 18:36 . 2008-06-03 18:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-03 18:34 . 2005-04-13 16:54 331,184 --a------ C:\WINDOWS\system32\difxapi.dll
2008-06-03 17:57 . 2008-06-03 18:36 <DIR> d-------- C:\WINDOWS\nview
2008-06-03 17:57 . 2006-10-06 19:28 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-03 17:57 . 2006-10-06 16:38 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-03 17:57 . 2008-06-17 03:03 88,565 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-03 17:57 . 2006-10-06 16:38 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-03 17:55 . 2008-06-03 17:55 <DIR> d-------- C:\Program Files\Realtek
2008-06-03 17:55 . 2006-10-09 11:50 16,236,032 -r------- C:\WINDOWS\RTHDCPL.exe
2008-06-03 17:54 . 2006-10-18 18:39 17,920 -ra------ C:\WINDOWS\system32\drivers\xfilt.sys
2008-06-03 17:54 . 2006-10-17 21:22 9,216 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
2008-06-03 17:53 . 2008-06-03 17:53 <DIR> d-------- C:\Program Files\VIA
2008-06-03 17:53 . 2008-06-03 17:53 <DIR> d-------- C:\Program Files\SMSC
2008-06-03 15:41 . 2008-06-03 15:41 <DIR> d-------- C:\Documents and Settings\SN\Application Data\DivX
2008-06-03 15:41 . 2008-06-16 20:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-03 14:58 . 2008-06-03 14:58 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Nero
2008-06-03 14:54 . 2008-06-11 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-03 14:42 . 2008-06-03 14:42 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Ulead Systems
2008-06-03 14:34 . 2008-06-11 13:10 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-03 14:27 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-03 14:24 . 2008-06-11 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-03 14:20 . 2008-06-03 19:30 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-06-03 14:20 . 2008-06-03 14:20 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-06-03 14:20 . 2008-06-03 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-06-03 14:18 . 2008-06-03 14:18 <DIR> d-------- C:\Program Files\Ulead Systems
2008-06-03 14:18 . 2008-06-03 14:18 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-03 14:18 . 2008-06-03 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-03 14:15 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-03 01:38 . 2008-06-03 01:38 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Publish Providers
2008-06-03 01:33 . 2008-06-03 01:33 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Sony
2008-06-03 01:32 . 2008-06-03 01:32 <DIR> d-------- C:\Program Files\Bonjour
2008-06-03 01:26 . 2008-06-03 01:26 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-03 01:25 . 2008-06-14 13:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-03 01:18 . 2008-06-03 01:18 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-03 01:16 . 2008-06-03 01:16 <DIR> d-------- C:\Program Files\Riva FLV Encoder 2.0
2008-06-03 01:07 . 2008-06-14 11:56 <DIR> d-------- C:\Program Files\PowerISO
2008-06-03 00:24 . 2000-05-02 09:17 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2008-06-03 00:24 . 1998-06-17 18:07 57,344 --a------ C:\WINDOWS\system32\Mfc42loc.dll
2008-06-03 00:16 . 2008-06-16 01:13 596 --a------ C:\WINDOWS\VFO.INI
2008-06-03 00:14 . 2008-06-03 00:14 <DIR> d-------- C:\Program Files\SmartSound Software
2008-06-03 00:14 . 2008-06-07 16:04 <DIR> d-------- C:\Program Files\QuickTime
2008-06-03 00:14 . 2008-06-03 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-06-03 00:14 . 2008-06-03 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-03 00:13 . 2008-06-03 14:20 <DIR> d-------- C:\Program Files\DivX
2008-06-03 00:10 . 2008-06-03 00:24 <DIR> d-------- C:\Program Files\Pinnacle
2008-06-03 00:10 . 2008-06-03 00:17 <DIR> d-------- C:\Program Files\Avid
2008-06-03 00:10 . 2008-06-07 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-06-03 00:05 . 2008-06-03 00:06 <DIR> d-------- C:\Program Files\SureThing CD Labeler 5
2008-06-03 00:05 . 2008-06-03 00:05 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-06-03 00:00 . 2008-06-03 00:00 <DIR> d-------- C:\Program Files\Vstplugins
2008-06-03 00:00 . 2008-06-03 01:34 <DIR> d-------- C:\Program Files\Sony
2008-06-02 23:57 . 2008-06-02 23:57 <DIR> d-------- C:\Program Files\Sony Setup
2008-06-02 23:57 . 2008-06-02 23:57 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Sony Setup
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Program Files\ScanSoft
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Documents and Settings\SN\Application Data\ScanSoft
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-02 23:44 . 2008-06-02 23:44 419 --a------ C:\WINDOWS\MAXLINK.INI
2008-06-02 23:43 . 2008-06-03 17:55 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-02 23:43 . 2008-06-03 14:19 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-02 23:43 . 2008-06-02 23:43 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-02 23:43 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-06-02 23:42 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-02 23:42 . 2003-09-18 14:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-02 23:42 . 2003-09-18 14:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-02 23:42 . 1998-11-17 13:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-06-02 23:41 . 2008-06-02 23:41 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-06-02 23:40 . 2008-06-02 23:40 <DIR> d--h----- C:\Program Files\CanonBJ
2008-06-02 23:40 . 2008-06-02 23:45 <DIR> d-------- C:\Program Files\Canon
2008-06-02 23:39 . 2008-06-02 23:39 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-06-02 23:39 . 2006-04-23 22:00 161,792 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2008-06-02 23:38 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-02 23:38 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-02 23:38 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-02 23:38 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-02 23:37 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-02 23:37 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-02 01:53 . 2008-06-07 12:09 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-02 01:19 . 2008-06-02 01:19 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-01 20:04 . 2001-08-17 15:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-01 20:03 . 2004-08-04 02:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-01 20:03 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-01 20:03 . 2004-08-04 01:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2008-06-01 20:03 . 2001-08-17 14:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 13:44 --------- d-----w C:\Documents and Settings\SN\Application Data\uTorrent
2008-06-14 21:05 --------- d-----w C:\Program Files\Google
2008-06-01 22:58 --------- d-----w C:\Program Files\CDex_150
2008-06-01 22:34 --------- d-----w C:\Program Files\uTorrent
2008-06-01 22:27 --------- d-----w C:\Documents and Settings\SN\Application Data\Talkback
2008-06-01 22:06 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 11:16 196608]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"SetIcon"="\Programme\SMSC\SetIcon.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-09 11:50 16236032 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-10-09 11:50 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-06 16:38 7700480]
"nwiz"="nwiz.exe" [2006-10-06 16:38 1617920 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-16 15:58 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-16 15:59]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 18:39]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-16 15:59]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-16 15:58]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-16 15:58]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-16 15:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 03:03:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-17 3:05:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 01:05:47
Pre-Run: 835,789,836,288 bytes free
Post-Run: 835,889,004,544 bytes free
236
#6
MalwareDB
Looks OK; please uninstall ComboFix again and in future think about what you download. To delete ComboFix (the Qoobox folder), enter "combofix /u" under Start / Run. Without the " of course.
#7
Thanks, and as I said, I'll be more careful now - unlike the first virus infection, this one really was very dumb and foreseeable.