Log analysis and evaluation: No obvious problem - cross-check of log - does anyone have time?
30.06.2008, 09:16 | #1

Hello, does anyone have time to take a look at my log and tell me about any potentially critical applications? Many thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:51, on 30.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Programme 02\Security\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
F:\System VMware\VMware Workstation PRG\vmware-tray.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe
F:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe
F:\Programme 03\Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Allzeit Atomzeit\Atomzeit.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
F:\System VMware\VMware Workstation PRG\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
F:\Programme 03\InterNet\SHARING\µTorrent\µTorrent 1.6.1 Build 490\utorrent161.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Programme 03\InterNet\SHARING\BitTorrent\BiiTorrent 6 PRG\bittorrent.exe
C:\WINDOWS\System32\svchost.exe
F:\Programme 03\Uhr & Zeit & Kalender\Analoguhr v2.03 (c´t)clock\CLOCK.EXE
F:\Programme 03\Desktop\PrintScreen\PrintScreen 2.6\PrintScreen 2.6 PRG\PrintScreen.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
F:\Programme 03\Dateienverwaltung\EXPLORER\freeCommander\freeCommander 2007.05 a PRG\FreeCommander.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Programme 03\Browser & Editoren\Firefox\Firefox 3.0 PRG\firefox.exe
F:\Programme 03\Kommerz\eBay\Biet-O-Matic PRG\Biet-O-Matic.exe
F:\Programme 03\Dateienverwaltung\EXPLORER\freeCommander\freeCommander 2007.05 a PRG\FreeCommander.exe
c:\program files\winrar\winrar.exe
C:\Programme 02\System\Defrag Server PRG\oodcnt.exe
F:\Programme 03\Media\vlc media player\VLC media player 0.8.6f PRG\vlc.exe
C:\Program Files\WinRAR\WinRAR.exe
F:\Programme 03\Security\HijackThis 2.0.2 PRG\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jccatch.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
O2 - BHO: (no name) - {4B47CA08-3A4F-44DF-A695-957A5C968664} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O2 - BHO: (no name) - {5FB1E262-3760-4C69-8445-E095311927F8} - (no file)
O2 - BHO: (no name) - {651c743f-8651-4f74-8561-63df7d2a440f} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {897021FF-87CC-4096-B5AE-CA2164EE6B4E} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\getflash.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programme 02\Security\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [vmware-tray] F:\System VMware\VMware Workstation PRG\vmware-tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe
O4 - HKCU\..\Run: [Dexpot 1.2] f:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe
O4 - HKCU\..\Run: [SandboxieControl] "F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme 02\System\Registry\ERUNT\AUTOBACK.EXE
O4 - Startup: HDDlife.lnk = ?
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Dexpot v1.4.lnk = Desktop\Dexpot\Dexpot PRG\Dexpot.exe
O4 - Global Startup: PeerGuardian2 (for Torrents).lnk = Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O4 - Global Startup: Uhr Allzeit Atomzeit (leise, 3 Min. verzögert).lnk = C:\Program Files\Allzeit Atomzeit\Atomzeit.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jc_link.htm
O8 - Extra context menu item: Block advertisement - h**p://localhost:4002/cookie.cooker/scriptwerbung
O8 - Extra context menu item: CC Web-Interface - h**p://localhost:4002/cookie.cooker/loadifscript
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Fill form (random) - h**p://localhost:4002/cookie.cooker/fillscriptr
O8 - Extra context menu item: Fill form (real data) - h**p://localhost:4002/cookie.cooker/fillscriptp
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\Office\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - h**p://-Web.Washer-/ie_add
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Office\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{504F516C-54BB-494C-96E6-0FB50C5B8B22}: NameServer = 192.168.178.254,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CED3DDF5-9A7D-40DB-AE23-FD3E4DCA95EA}: NameServer = 192.168.0.20,192.168.0.1
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: byXOiGVL - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Programme 03\Security\TROJAN-SCANNER\Ad-aware\Ad-Aware 2007 PRG\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IZMQOUDXFALJ - Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources - C:\DOCUME~1\a\LOCALS~1\Temp\IZMQOUDXFALJ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: R-Studio Agent - R-Tools Technology Inc. - F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Programme 03\System\Diagnose\Sisoft Sandra\SiSoft Sandra 2005 PRG\RpcSandraSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\System VMware\VMware Workstation PRG\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\System VMware\VMware Workstation PRG\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 11134 bytes
30.06.2008, 09:34 | #2
/// AVZ-Toolkit Guru

Hi there.

Uninstall Spyware Terminator. Fix all ....... (no file) and ......... (file missing) entries with HijackThis. Afterwards, update urgently to Service Pack 3!! Run CCleaner and post a fresh HJT log.
30.06.2008, 12:23 | #3

Many thanks.

1. "O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)" reappears after running HijackThis 2.0.2.
2. There are no "(file missing)" entries.
3. I have uninstalled Spyware Terminator. What is wrong with Spyware Terminator?
4. How does CCleaner's registry cleaning differ from RegSupreme and RegCleaner?
5. The new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:16, on 30.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Programme 02\Security\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
F:\System VMware\VMware Workstation PRG\vmware-tray.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe
F:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe
F:\Programme 03\Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Allzeit Atomzeit\Atomzeit.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
F:\System VMware\VMware Workstation PRG\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Programme 03\InterNet\SHARING\µTorrent\µTorrent 1.6.1 Build 490\utorrent161.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Programme 03\System\Bereinigungsprogramme\CCleaner\CCleaner PRG\CCleaner.exe
C:\WINDOWS\system32\notepad.exe
F:\Programme 03\Security\HijackThis 2.0.2 PRG\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\getflash.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programme 02\Security\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [vmware-tray] F:\System VMware\VMware Workstation PRG\vmware-tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe
O4 - HKCU\..\Run: [Dexpot 1.2] f:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe
O4 - HKCU\..\Run: [SandboxieControl] "F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme 02\System\Registry\ERUNT\AUTOBACK.EXE
O4 - Startup: HDDlife.lnk = ?
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Dexpot v1.4.lnk = Desktop\Dexpot\Dexpot PRG\Dexpot.exe
O4 - Global Startup: PeerGuardian2 (for Torrents).lnk = Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O4 - Global Startup: Uhr Allzeit Atomzeit (leise, 3 Min. verzögert).lnk = C:\Program Files\Allzeit Atomzeit\Atomzeit.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jc_link.htm
O8 - Extra context menu item: Block advertisement - h**p://localhost:4002/cookie.cooker/scriptwerbung
O8 - Extra context menu item: CC Web-Interface - h**p://localhost:4002/cookie.cooker/loadifscript
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Fill form (random) - h**p://localhost:4002/cookie.cooker/fillscriptr
O8 - Extra context menu item: Fill form (real data) - h**p://localhost:4002/cookie.cooker/fillscriptp
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\Office\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - h**p://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Office\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{504F516C-54BB-494C-96E6-0FB50C5B8B22}: NameServer = 192.168.178.254,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CED3DDF5-9A7D-40DB-AE23-FD3E4DCA95EA}: NameServer = 192.168.0.20,192.168.0.1
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: byXOiGVL - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Programme 03\Security\TROJAN-SCANNER\Ad-aware\Ad-Aware 2007 PRG\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IZMQOUDXFALJ - Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources - C:\DOCUME~1\a\LOCALS~1\Temp\IZMQOUDXFALJ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: R-Studio Agent - R-Tools Technology Inc. - F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Programme 03\System\Diagnose\Sisoft Sandra\SiSoft Sandra 2005 PRG\RpcSandraSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\System VMware\VMware Workstation PRG\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\System VMware\VMware Workstation PRG\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9972 bytes
30.06.2008, 12:26 | #4
/// AVZ-Toolkit Guru

Spyware Terminator is highly controversial and should therefore be uninstalled. There are far better and more trustworthy programs. Please search, as described in my signature, for the following file: byXOiGVL
Please post the exact file path where it was found.

- All help given in this forum is provided without warranty or liability -
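The two requests made so far, fixing every "(no file)" / "(file missing)" entry (post #2) and chasing down the Winlogon Notify DLL byXOiGVL (post #4), are mechanical enough to script. The Python below is an added example for this thread; it is not part of the original posts and not a HijackThis feature. It parses HJT 2.0.x lines and flags three things: orphaned entries, O20 Winlogon Notify entries whose DLL HijackThis could not resolve to a file, and O23 services whose binary runs out of a Temp directory. The sample lines are copied from the log posted above (the Sysinternals line shortened by dropping the forum's auto-link text); the regular expressions are my assumptions about the HJT line layout, not a published grammar.

```python
"""Triage heuristics for Trend Micro HijackThis 2.0.x log lines.

Added example for this thread, not part of the original posts and not a
HijackThis feature. It flags candidates for a manual look; it convicts nothing.
"""
import re
from collections import defaultdict

# Sample lines copied from the log posted above. The forum's auto-link text was
# dropped from the Sysinternals line; everything else is as posted.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ClamWin] "C:\Programme 02\Security\ClamWin\bin\ClamTray.exe" --logon
O20 - Winlogon Notify: byXOiGVL - C:\WINDOWS\
O23 - Service: IZMQOUDXFALJ - Sysinternals - C:\DOCUME~1\a\LOCALS~1\Temp\IZMQOUDXFALJ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# Assumed layout of the two HJT sections taken apart here. HJT separates the
# fields with " - ", so the name and company groups are non-greedy.
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def triage(log_text: str) -> dict:
    """Return {line: [reasons]} for every HJT line that deserves a manual look."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Check 1 (post #2): the registry still points at a file that is gone.
        # Harmless by itself, but dead entries clutter the log, so HJT fixes them.
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings[line].append("orphaned entry: target file missing, fix in HJT")

        # Check 2 (post #4): Winlogon Notify DLLs are loaded by winlogon.exe, which
        # runs as SYSTEM, at every logon. HJT printing a directory instead of a
        # .dll means it could not resolve the file, so it must be found by name.
        m = O20_RE.match(line)
        if m and not m["path"].lower().endswith(".dll"):
            findings[line].append(
                f"Winlogon Notify DLL not resolved by HJT: locate {m['name']}.dll on disk")

        # Check 3: a service whose binary lives in a Temp directory persists across
        # reboots from a location meant to be throwaway. Verify what it is.
        m = O23_RE.match(line)
        if m and TEMP_DIR_RE.search(m["path"]):
            findings[line].append("service runs from a Temp directory: verify the binary")

    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Run it as a script to print the findings for the sample, or import `triage` and feed it a whole log. Everything it flags is a candidate for a manual look, not a verdict: a service started from Temp may be a legitimately signed tool that extracts itself there, and an unresolved Winlogon Notify entry still has to be located and checked on disk, which is exactly what post #4 asks for.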
30.06.2008, 12:40 | #5

> Please search, as described in my signature, for the following file: byXOiGVL
> Please post the exact file path where it was found.

C:\Documents and Settings\All Users\Application Data\SecTaskMan\_byXOiGVL1569E000
30.06.2008, 12:45 | #6
/// AVZ-Toolkit Guru

Hm. Please uninstall SecTaskMan, restart the computer and post a fresh HJT log.
30.06.2008, 13:27 | #7

1. SecTaskMan uninstalled. How do you rate SecTaskMan?
2. Restarted
3. Ran CCleaner
4. F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe is still present
5. O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe is still present
6. C:\Documents and Settings\All Users\Application Data\Spyware Terminator can, in my opinion, be deleted manually
7. C:\Documents and Settings\All Users\Application Data\SecTaskMan can, in my opinion, be deleted manually
8. Regards & log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:45, on 30.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Programme 02\Security\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
F:\System VMware\VMware Workstation PRG\vmware-tray.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe
F:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe
F:\Programme 03\Desktop\Dexpot\Dexpot PRG\Dexpot.exe
F:\Programme 03\Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Allzeit Atomzeit\Atomzeit.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
F:\System VMware\VMware Workstation PRG\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
F:\Programme 03\InterNet\SHARING\µTorrent\µTorrent 1.6.1 Build 490\utorrent161.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Programme 03\Security\HijackThis 2.0.2 PRG\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\getflash.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programme 02\Security\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [vmware-tray] F:\System VMware\VMware Workstation PRG\vmware-tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe
O4 - HKCU\..\Run: [Dexpot 1.2] f:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe
O4 - HKCU\..\Run: [SandboxieControl] "F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme 02\System\Registry\ERUNT\AUTOBACK.EXE
O4 - Startup: HDDlife.lnk = ?
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Dexpot v1.4.lnk = Desktop\Dexpot\Dexpot PRG\Dexpot.exe
O4 - Global Startup: PeerGuardian2 (for Torrents).lnk = Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O4 - Global Startup: Uhr Allzeit Atomzeit (leise, 3 Min. verzögert).lnk = C:\Program Files\Allzeit Atomzeit\Atomzeit.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jc_link.htm
O8 - Extra context menu item: Block advertisement - http://localhost:4002/cookie.cooker/scriptwerbung
O8 - Extra context menu item: CC Web-Interface - http://localhost:4002/cookie.cooker/loadifscript
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Fill form (random) - http://localhost:4002/cookie.cooker/fillscriptr
O8 - Extra context menu item: Fill form (real data) - http://localhost:4002/cookie.cooker/fillscriptp
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\Office\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Office\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{504F516C-54BB-494C-96E6-0FB50C5B8B22}: NameServer = 192.168.178.254,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CED3DDF5-9A7D-40DB-AE23-FD3E4DCA95EA}: NameServer = 192.168.0.20,192.168.0.1
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: byXOiGVL - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Programme 03\Security\TROJAN-SCANNER\Ad-aware\Ad-Aware 2007 PRG\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IZMQOUDXFALJ - Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources - C:\DOCUME~1\a\LOCALS~1\Temp\IZMQOUDXFALJ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: R-Studio Agent - R-Tools Technology Inc. - F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Programme 03\System\Diagnose\Sisoft Sandra\SiSoft Sandra 2005 PRG\RpcSandraSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\System VMware\VMware Workstation PRG\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\System VMware\VMware Workstation PRG\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9937 bytes
01.07.2008, 10:40 | #8 |
byXOiGVL.dll found in C:\WINDOWS\System32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:58, on 01.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Programme 02\Security\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
F:\System VMware\VMware Workstation PRG\vmware-tray.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe
F:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe
F:\Programme 03\Desktop\Dexpot\Dexpot PRG\Dexpot.exe
F:\Programme 03\Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Allzeit Atomzeit\Atomzeit.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
F:\System VMware\VMware Workstation PRG\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
F:\Programme 03\InterNet\SHARING\µTorrent\µTorrent 1.6.1 Build 490\utorrent161.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Programme 03\Browser & Editoren\Firefox\Firefox 3.0 PRG\firefox.exe
F:\Programme 03\InterNet\SHARING\BitTorrent\BiiTorrent 6 PRG\bittorrent.exe
F:\Programme 03\Dateienverwaltung\EXPLORER\freeCommander\freeCommander 2007.05 a PRG\FreeCommander.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme 02\System\Defrag Server PRG\oodcnt.exe
c:\program files\winrar\winrar.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Programme 03\Media\vlc media player\VLC media player 0.8.6f PRG\vlc.exe
F:\Programme 03\Dateienverwaltung\SYNCHRONISATION\FindDoubleFiles\FindDoubleFiles v1.2 PRG\FindDoubleFiles.Exe
F:\Programme 03\Dateienverwaltung\EXPLORER\TotalCMD\Total Commander 7.1 PRG\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
F:\Programme 03\Kommerz\eBay\Biet-O-Matic PRG\Biet-O-Matic.exe
F:\Programme 03\Security\HijackThis 2.0.2 PRG\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\getflash.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programme 02\Security\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [vmware-tray] F:\System VMware\VMware Workstation PRG\vmware-tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe
O4 - HKCU\..\Run: [Dexpot 1.2] f:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe
O4 - HKCU\..\Run: [SandboxieControl] "F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme 02\System\Registry\ERUNT\AUTOBACK.EXE
O4 - Startup: HDDlife.lnk = ?
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Dexpot v1.4.lnk = Desktop\Dexpot\Dexpot PRG\Dexpot.exe
O4 - Global Startup: PeerGuardian2 (for Torrents).lnk = Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O4 - Global Startup: Uhr Allzeit Atomzeit (leise, 3 Min. verzögert).lnk = C:\Program Files\Allzeit Atomzeit\Atomzeit.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme 03\InterNet\Downloadmanager\Flashget PRG\jc_link.htm
O8 - Extra context menu item: Block advertisement - h**p://localhost:4002/cookie.cooker/scriptwerbung
O8 - Extra context menu item: CC Web-Interface - h**p://localhost:4002/cookie.cooker/loadifscript
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Fill form (random) - h**p://localhost:4002/cookie.cooker/fillscriptr
O8 - Extra context menu item: Fill form (real data) - h**p://localhost:4002/cookie.cooker/fillscriptp
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\Office\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - h**p://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Office\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Security\TROJAN~1\Spybot\SPYBOT~1.20P\SDHelper.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{504F516C-54BB-494C-96E6-0FB50C5B8B22}: NameServer = 192.168.178.254,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CED3DDF5-9A7D-40DB-AE23-FD3E4DCA95EA}: NameServer = 192.168.0.20,192.168.0.1
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: byXOiGVL - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Programme 03\Security\TROJAN-SCANNER\Ad-aware\Ad-Aware 2007 PRG\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IZMQOUDXFALJ - Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources - C:\DOCUME~1\a\LOCALS~1\Temp\IZMQOUDXFALJ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: R-Studio Agent - R-Tools Technology Inc. - F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Programme 03\System\Diagnose\Sisoft Sandra\SiSoft Sandra 2005 PRG\RpcSandraSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\System VMware\VMware Workstation PRG\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\System VMware\VMware Workstation PRG\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 10787 bytes

Regards, Tiger
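The entries the helper acted on in the log above (a Winlogon Notify handler named byXOiGVL with no module path, a service named IZMQOUDXFALJ started from the user's Temp directory, an NVSvc service whose binary no longer exists) are exactly the traits a reviewer scans HijackThis output for. The following Python triage helper is an added example, not code from this thread or from HijackThis: it parses O4/O20/O23 lines in the shape shown above and flags those traits. The sample lines are constructed from paths that appear in the thread, the function names (`parse_line`, `assess`, `triage`, `looks_generated`) are this example's own, and the name heuristic is deliberately simple; in practice an allow-list of known service names belongs in front of it.

```python
"""Triage helper for HijackThis-style O4 / O20 / O23 log lines (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the HijackThis log posted in this thread.
# The vendor field of the IZMQOUDXFALJ line is shortened to "Sysinternals".
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ClamWin] "C:\Programme 02\Security\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: byXOiGVL - C:\WINDOWS\
O23 - Service: IZMQOUDXFALJ - Sysinternals - C:\DOCUME~1\a\LOCALS~1\Temp\IZMQOUDXFALJ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""


@dataclass
class Entry:
    kind: str                 # "O4", "O20" or "O23"
    name: str                 # Run value name, Notify key name or service display name
    path: str                 # image path exactly as HijackThis printed it
    findings: list = field(default_factory=list)


_O4 = re.compile(r'^O4 - .*?: \[(?P<name>[^\]]+)\] (?P<rest>.+)$')
_TEMP_DIR = re.compile(r'\\(temp|tmp)\\', re.IGNORECASE)
_UPPER_RUN_AFTER_LOWER = re.compile(r'[a-z][A-Z]{2,}')


def parse_line(line):
    """Return an Entry for an O4, O20 or O23 line, or None for anything else."""
    if line.startswith('O4 - '):
        m = _O4.match(line)
        if not m:
            return None                       # e.g. "O4 - Startup: ..." has no [name]
        rest = m.group('rest')
        # A quoted command carries its image path inside the quotes; otherwise
        # HijackThis prints the path bare, so keep the whole remainder.
        path = rest[1:rest.index('"', 1)] if rest.startswith('"') else rest
        return Entry('O4', m.group('name'), path)
    if line.startswith('O20 - Winlogon Notify: '):
        name, _, path = line[len('O20 - Winlogon Notify: '):].partition(' - ')
        return Entry('O20', name, path)
    if line.startswith('O23 - Service: '):
        # Layout: <display name> - <vendor> - <path>. The vendor field may itself
        # contain " - " (forum auto-linking), the path never does, so split from the right.
        head, _, path = line[len('O23 - Service: '):].rpartition(' - ')
        name, _, _vendor = head.partition(' - ')
        return Entry('O23', name, path)
    return None


def looks_generated(name):
    """Heuristic for machine-generated names: a bare letter string that is either a
    long all-caps block or has an upper-case run glued onto a lower-case letter
    (byXOiGVL). CamelCase product names (AppleMobileDeviceService) are not flagged."""
    if not name.isalpha() or len(name) < 8:
        return False
    if name.isupper():
        return len(name) >= 10
    return _UPPER_RUN_AFTER_LOWER.search(name) is not None


def assess(entry):
    """List the review findings for one entry (empty list means nothing unusual)."""
    findings = []
    if _TEMP_DIR.search(entry.path):
        findings.append('image runs from a temp directory')
    if entry.path.endswith('\\'):
        findings.append('path names a directory, not a module')
    if entry.path.strip().lower() == '(no file)':
        findings.append('registered binary missing (orphan entry)')
    if looks_generated(entry.name):
        findings.append('name looks machine-generated')
    return findings


def triage(log_text):
    """Parse every line of a HijackThis log and return the entries with findings."""
    flagged = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        entry.findings = assess(entry)
        if entry.findings:
            flagged.append(entry)
    return flagged


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} {e.name!r}: {', '.join(e.findings)}")
```

Run against the sample, it flags the byXOiGVL notify entry (directory-only path, generated-looking name), the IZMQOUDXFALJ service (Temp directory, generated-looking name) and the NVSvc orphan, and leaves ClamWin, ctfmon and O&O Defrag alone; the orphan is the least interesting of the three, since a leftover service entry with no binary is common after a driver uninstall, which is why it gets its own wording rather than being lumped in with the other two.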
01.07.2008, 11:13 | #9 |
/// AVZ-Toolkit Guru
Hi there.

ComboFix
A guide and tutorial on using ComboFix
Important note: ComboFix may only be run when a helper has explicitly recommended it!
Note: ComboFix disables the autorun function of all CD/DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.
__________________
- All assistance in this forum is given without warranty or liability -
02.07.2008, 04:56 | #10 |
Hello, regards & log:

ComboFix 08-06-30.2 - a 2008-07-01 23:57:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.501 [GMT 2:00]
Running from: C:\Documents and Settings\***\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\smp.bat
C:\WINDOWS\pskt.ini
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\byXOiGVL.dll
C:\WINDOWS\system32\DMmVuvut.ini
C:\WINDOWS\system32\DMmVuvut.ini2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dugatyll.exe
C:\WINDOWS\system32\eraccels.dll
C:\WINDOWS\system32\fjcocalr.dll
C:\WINDOWS\system32\gxwqdfrv.dll
C:\WINDOWS\system32\hqcsigvi.dll
C:\WINDOWS\system32\jowiceto.ini
C:\WINDOWS\system32\jqmaehbn.exe
C:\WINDOWS\system32\kfuuptlg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\qhtygorn.ini
C:\WINDOWS\system32\qoMdaBtr.dll
C:\WINDOWS\system32\rfueuitw.ini
C:\WINDOWS\system32\rfueuitw.ini2
C:\WINDOWS\system32\shgsakue.ini
C:\WINDOWS\system32\sleccare.ini
C:\WINDOWS\system32\sleccare.tmp
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tuvuVmMD.dll
C:\WINDOWS\system32\utiabilo.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wtiueufr.dll
C:\WINDOWS\system32\ynmygdoe.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-06-13 14:39 . 2008-06-13 14:42 <DIR> d-------- C:\Documents and Settings\***\Application Data\Dybuster
2008-06-10 06:22 . 2008-06-10 06:22 6,331 --a------ C:\sexkiste.gif
2008-06-08 21:10 . 2008-06-08 21:10 1,580,146 ---hs---- C:\WINDOWS\system32\jowiceto.tmp
2008-06-08 21:09 . 2008-06-08 21:10 109,807 --a------ C:\WINDOWS\BM77657c3a.xml
2008-06-08 07:10 . 2008-06-08 07:10 1,580,086 ---hs---- C:\WINDOWS\system32\utiabilo.tmp
2008-06-07 22:58 . 2004-07-13 10:57 1,843,200 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-06-07 22:58 . 2007-04-16 13:58 1,097,728 --a------ C:\WINDOWS\system32\NMSDVDX.dll
2008-06-07 22:58 . 2004-07-13 10:58 315,392 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-06-07 22:58 . 2007-11-14 12:42 113,168 --a------ C:\WINDOWS\system32\drivers\vdrv9000.sys
2008-06-07 22:58 . 2006-09-20 11:42 11,392 --a------ C:\WINDOWS\system32\drivers\HH9Help.sys
2008-06-07 21:06 . 2008-06-07 21:06 <DIR> d-------- C:\Documents and Settings\***\Application Data\InstallShield
2008-06-07 10:55 . 2005-04-15 19:58 1,071,088 --a------ C:\WINDOWS\system32\is-LR7NS.tmp
2008-06-07 10:55 . 2008-06-07 10:55 680,960 --a------ C:\WINDOWS\isRS-000.tmp
2008-06-05 00:20 . 2008-06-05 00:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 22:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-07-01 22:09 --------- d-----w C:\Documents and Settings\***ll Users\Application Data\VMware
2008-07-01 21:49 --------- d-----w C:\Documents and Settings\***\Application Data\VMware
2008-07-01 21:49 --------- d-----w C:\Documents and Settings\***\Application Data\uTorrent
2008-07-01 21:49 --------- d-----w C:\Documents and Settings\***\Application Data\BitTorrent
2008-07-01 20:30 --------- d-----w C:\Documents and Settings\***\Application Data\BOM
2008-06-30 11:53 --------- d-----w C:\Documents and Settings\***ll Users\Application Data\SecTaskMan
2008-06-30 10:27 --------- d-----w C:\Documents and Settings\***ll Users\Application Data\Spybot - Search & Destroy
2008-06-27 13:11 --------- d-----w C:\Program Files\WinClamAVShield
2008-06-27 13:10 --------- d-----w C:\Documents and Settings\***\Application Data\Spyware Terminator
2008-06-13 07:01 --------- d-----w C:\Program Files\Crawler
2008-06-07 09:00 --------- d---a-w C:\Documents and Settings\***ll Users\Application Data\TEMP
2008-06-02 05:47 --------- d-----w C:\Documents and Settings\***ll Users\Application Data\Spyware Terminator
2008-05-25 11:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-18 07:16 40,960 ----a-w C:\Documents and Settings\LocalService\rtdrvmon.exe
2008-05-15 10:08 129,536 ----a-w C:\WINDOWS\system32\IJL15.dll
2008-05-14 07:38 --------- d-----w C:\Documents and Settings\y\Application Data\VMware
2008-05-11 09:16 4,886 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-10 20:41 --------- d-----w C:\Documents and Settings\y\Application Data\Dexpot
2008-05-10 13:24 --------- d-----w C:\Program Files\Java
2008-04-09 08:54 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
------- Sigcheck -------
2006-03-20 09:24 360448 9c515b8621d34478dfaa89b6b5434a54 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SpybotSD TeaTimer"="F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Dexpot 1.2"="f:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe" [2006-05-09 23:25 1286144]
"SandboxieControl"="F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe" [2008-04-27 15:22 512512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 15:57 143360]
"ClamWin"="C:\Programme 02\Security\ClamWin\bin\ClamTray.exe" [2008-06-14 14:13 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 03:08 2512392]
"vmware-tray"="F:\System VMware\VMware Workstation PRG\vmware-tray.exe" [2007-10-08 09:27 72240]

C:\Documents and Settings\***\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Programme 02\System\Registry\ERUNT\AUTOBACK.EXE [2005-10-20 13:04:08 38912]

C:\Documents and Settings\***ll Users\Start Menu\Programs\Startup\
Dexpot v1.4.lnk - F:\Programme 03\Desktop\Dexpot\Dexpot PRG\Dexpot.exe [2006-05-09 23:25:10 1286144]
PeerGuardian2 (for Torrents).lnk - F:\Programme 03\Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe [2007-11-01 12:04:09 1421824]
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2007-08-27 10:59:40 57344]
Uhr Allzeit Atomzeit (leise, 3 Min. verz”gert).lnk - C:\Program Files\Allzeit Atomzeit\Atomzeit.exe [2007-02-05 10:48:16 78848]

C:\Documents and Settings\***ll Users\Start Menu\Programs\Startup\AutorunsDisabled
Microsoft Office.lnk - C:\Programme 02\Office\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ir32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"Ad-Watch"=f:\programme 03\security\trojan-scanner\ad-aware 2007 7.0.2.5 prg\ad-watch2007.exe
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
"Microsoft Updates"=svehost.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ABBYY Community Agent"=F:\Programme 03\Text\Texterkennung\FineReader Pro\FineReader 5.0 PRG\CAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Updates"=svehost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme 02\\Security\\FRITZ!DSL\\IGDCTRL.EXE"=
"\\\\CUSL2\\IBM (F)\\Programme 03\\Recovery\\R(ecovery)-Studio\\R-Studio Agent 3.0 build 841 PRG\\RSAgent.exe"=
"F:\\Programme 03\\Recovery\\R(ecovery)-Studio\\R-Studio v3.5_de\\R-Studio Agent 3.0 build 841_de PRG\\RSAgent.exe"=
"C:\\Programme 03\\InterNet\\Downloadmanager\\Flashget PRG\\flashget.exe"=
"F:\\Programme 03\\Games\\RoboRumble PRG p4pe\\DATA\\rr_dx5.exe"=
"F:\\Programme 03\\Games\\RoboRumble PRG p4pe\\DATA\\rr_soft.exe"=
"F:\\Games\\RoboRumble\\DATA\\rr_dx5.exe"=
"F:\\Programme 03\\Games\\RoboRumble PRG p4pe\\DATA\\rr_glide.exe"=
"F:\\Programme 03\\InterNet\\SHARING\\eMule\\eMule PRG\\emule.exe"=
"F:\\System VMware\\VMware Workstation PRG\\bin\\vmware-vmx.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"F:\\Programme 03\\InterNet\\SHARING\\BitTorrent\\BitTorrent PRG_save\\bittorrent.exe"=
"F:\\Programme 03\\InterNet\\SHARING\\BitTorrent\\BiiTorrent 6 PRG\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"86:TCP"= 86:TCP:BroadCam Web Server

R2 GenPort;GenPort;C:\WINDOWS\system32\drivers\GenPort.sys [1997-10-08 03:04]
R2 MapMem;MapMem;C:\WINDOWS\system32\drivers\MapMem.sys [1997-10-08 03:04]
R2 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys [1997-10-08 03:04]
R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2008-01-15 11:53]
R2 R-Studio Agent;R-Studio Agent;F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe [2006-09-19 08:34]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-20 09:34]
R3 SbieDrv;SbieDrv;F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieDrv.sys [2008-04-27 15:22]
R3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 12:50]
S1 PROCEXP;PROCEXP;C:\WINDOWS\system3n []
S3 b589B;b589B;C:\WINDOWS\system32\b589B.sys [2008-03-25 03:59]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;F:\Programme 03\System\Diagnose\EVEREST\Everest Ultimate Edition 2006 v2.80.534 PRG\kerneld.wnt [2006-02-21 00:00]
S3 IZMQOUDXFALJ;IZMQOUDXFALJ;C:\DOCUME~1\a\LOCALS~1\Temp\IZMQOUDXFALJ.exe []
S3 PORTMON;PORTMON;F:\Programme 03\System\Mark Russinovich\All (Utilities)\PMon v1.0\PORTMSYS.SYS []

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 21:09:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-03 23:19:59 C:\WINDOWS\Tasks\ERUNT Task.job"
- C:\Programme 02\System\Registry\ERUNT\ERUNT Task.vbs
"2008-06-30 22:23:19 C:\WINDOWS\Tasks\WinTweaks-ProfCleaner - all_01.job"
- C:\Documents and Settings\***ll Users\Start Menu\WinTweaks-ProfCleaner - all_01.bat
.
- - - - ORPHANS REMOVED - - - -

Notify-byXOiGVL - (no file)

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2008-07-02 00:08:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\F:\Programme 03\System\Diagnose\EVEREST\Everest Ultimate Edition 2006 v2.80.534 PRG\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PROCEXP]
"ImagePath"="\??\C:\WINDOWS\system3"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\TERMIN~1\TV7131~1\P3XRCtl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
F:\System VMware\VMware Workstation PRG\vmware-authd.exe
.
**************************************************************************
.
Completion time: 2008-07-02 0:10:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 22:10:15

Pre-Run: 7,458,459,648 bytes free
Post-Run: 7,364,300,800 bytes free

219
02.07.2008, 07:15 | #11 |
/// AVZ-Toolkit Guru
Tell me, how does one actually manage to wreck one's computer with VMware installed?

Avenger instructions (by swandog46)
Download the Avenger tool and save it to the desktop:
Code:
Files to delete:
C:\sexkiste.gif
C:\WINDOWS\system32\jowiceto.tmp
C:\WINDOWS\system32\utiabilo.tmp
C:\WINDOWS\system32\is-LR7NS.tmp
C:\WINDOWS\isRS-000.tmp
C:\WINDOWS\system32\CatRoot_bak
C:\WINDOWS\BM77657c3a.xml
C:\Documents and Settings\LocalService\rtdrvmon.exe
C:\WINDOWS\system32\PerfStringBackup.TMP

Folders to delete:
C:\Program Files\Crawler
02.07.2008, 09:30 | #12 |
Hello, the power supply was defective; I installed an old, weaker one and switched to Sandboxie to avoid crashes. The problem seems to be connected to Spyware Terminator. Apart from that, I suspect a corrupt version of FireTune for Firefox, which cannot be uninstalled. I got that via "winboard.org", by the way. Here is the log & regards: Tiger

Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\sexkiste.gif" deleted successfully.
File "C:\WINDOWS\system32\jowiceto.tmp" deleted successfully.
File "C:\WINDOWS\system32\utiabilo.tmp" deleted successfully.
File "C:\WINDOWS\system32\is-LR7NS.tmp" deleted successfully.
File "C:\WINDOWS\isRS-000.tmp" deleted successfully.

Error: "C:\WINDOWS\system32\CatRoot_bak" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\CatRoot_bak" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

File "C:\WINDOWS\BM77657c3a.xml" deleted successfully.
File "C:\Documents and Settings\LocalService\rtdrvmon.exe" deleted successfully.
File "C:\WINDOWS\system32\PerfStringBackup.TMP" deleted successfully.
Folder "C:\Program Files\Crawler" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
02.07.2008, 09:39 | #13 | |
/// AVZ-Toolkit Guru
Please also delete the folder: C:\WINDOWS\system32\CatRoot_bak

Quote:
-- Rogue Spyware --
* Download RVAXO.exe from here --> http://home.hetnet.nl/~stefsmeenk/RVAXO.exe
* Save it to the desktop.
* Start RVAXO.exe with a double-click.
* An uninstaller may open.
* Do not close it; let the program run.
* Restart your computer afterwards.
* After the restart, double-click RVAXO.exe again.
* This is very important!
* You will find the logfile here: C:\RVAXO-results.log

And please follow these instructions: SmitFraudFix
03.07.2008, 07:53 | #14 | ||
Here is the log from SmitFraudFix v2.328. It seems to be OK.

Regards, Tiger

SmitFraudFix v2.328

Scan done at 5:44:55,19, 03.07.2008
Run from C:\Documents and Settings\***\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Programme 02\Security\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
F:\System VMware\VMware Workstation PRG\vmware-tray.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spybot\Spybot v1.5.2.20 PRG\TeaTimer.exe
F:\programme 03\desktop\dexpot\dexpot prg\dexpot.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieCtrl.exe
F:\Programme 03\Security\InterNet u NETWORK\PeerGuardian 2\PeerGuardian2 PRG\pg2.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Allzeit Atomzeit\Atomzeit.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme 02\Security\FRITZ!DSL\IGDCTRL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
F:\Programme 03\Recovery\R(ecovery)-Studio\R-Studio v3.5_de\R-Studio Agent 3.0 build 841_de PRG\RSAgent.exe
F:\Programme 03\System\Virtual Environment\Sandboxie PRG\SbieSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Programme 03\Security\TROJAN-SCANNER\Spyware Terminator\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
F:\System VMware\VMware Workstation PRG\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Programme 03\Browser & Editoren\Firefox\Firefox 3.0 PRG\firefox.exe
C:\Documents and Settings\***\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\***

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\***\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\a\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
DNS Server Search Order: 192.168.178.1

Description: Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.20
DNS Server Search Order: 192.168.0.1

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.178.254
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{504F516C-54BB-494C-96E6-0FB50C5B8B22}: NameServer=192.168.178.254,192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{752CE1E0-F679-419A-AAB0-57FD12DC4ACC}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CED3DDF5-9A7D-40DB-AE23-FD3E4DCA95EA}: NameServer=192.168.0.20,192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{504F516C-54BB-494C-96E6-0FB50C5B8B22}: NameServer=192.168.178.254,192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{752CE1E0-F679-419A-AAB0-57FD12DC4ACC}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CED3DDF5-9A7D-40DB-AE23-FD3E4DCA95EA}: NameServer=192.168.0.20,192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{504F516C-54BB-494C-96E6-0FB50C5B8B22}: NameServer=192.168.178.254,192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{752CE1E0-F679-419A-AAB0-57FD12DC4ACC}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CED3DDF5-9A7D-40DB-AE23-FD3E4DCA95EA}: NameServer=192.168.0.20,192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
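As an added example that is not part of the thread or of SmitFraudFix itself: a Python script that reads a SmitFraudFix report in the form posted above and applies the checks a helper does by eye on the AppInit_DLLs, Winlogon and DNS sections. AppInit_DLLs must be empty, Userinit must be the single default userinit.exe entry, the Winlogon System value must be empty, and every configured resolver should be a LAN address. Both embedded reports are constructed: the clean one repeats the relevant values from the log above; the suspicious one uses invented file names (example.dll, example.exe) and the documentation address 192.0.2.53, none of which occur in the thread.

```python
import ipaddress
import re

# Constructed sample modelled on the SmitFraudFix report posted above:
# the same sections and the same values, trimmed to what the checks read.
CLEAN_LOG = r"""
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
DNS Server Search Order: 192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{504F516C-54BB-494C-96E6-0FB50C5B8B22}: NameServer=192.168.178.254,192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

# Constructed counter-example (not from the thread): a second Userinit
# entry, a DLL in AppInit_DLLs and a resolver outside the LAN. The file
# names are invented and 192.0.2.53 is a documentation-range address.
SUSPICIOUS_LOG = r"""
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\example.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\example.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer=192.0.2.53,192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

SECTION_RE = re.compile(r"^»+\s*(\S.*?)\s*$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Addresses a home or office resolver is expected to have. An ISP resolver
# configured directly on the NIC would also be reported, so a DNS finding
# means "compare with the router and ISP", not "infected".
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def unescape_reg(value):
    """Undo the doubled backslashes of .reg export syntax."""
    return value.replace("\\\\", "\\")


def check_userinit(value):
    """Userinit must be exactly one entry ending in \\system32\\userinit.exe."""
    entries = [e.strip().lower() for e in unescape_reg(value).split(",") if e.strip()]
    if len(entries) == 1 and entries[0].endswith("\\system32\\userinit.exe"):
        return None
    return "Userinit is not the single default entry: %s" % value


def analyze(report):
    """Return a list of (check, detail) findings for a SmitFraudFix report."""
    findings = []
    section = None
    seen_ips = set()
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section in ("AppInit_DLLs", "Winlogon"):
            m = REG_VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.groups()
            if name == "AppInit_DLLs" and value:
                findings.append(("appinit_dlls", "DLL loaded into every process: %s" % value))
            elif name == "Userinit":
                detail = check_userinit(value)
                if detail:
                    findings.append(("userinit", detail))
            elif name == "System" and value:
                findings.append(("winlogon_system", "Winlogon System value set: %s" % value))
        elif section == "DNS":
            for text in IPV4_RE.findall(line):
                try:
                    ip = ipaddress.ip_address(text)
                except ValueError:
                    continue
                if ip in seen_ips:
                    continue
                seen_ips.add(ip)
                if not any(ip in net for net in LAN_NETS):
                    findings.append(("dns", "resolver outside the LAN: %s" % text))
    return findings


if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("suspicious", SUSPICIOUS_LOG)):
        print(label, analyze(log) or "no findings")
```

Run as a script it prints the findings for both samples. On the log above it reports nothing: AppInit_DLLs is empty, Userinit is the default entry and all configured DNS servers are 192.168.x.x. The DNS check is deliberately a review prompt rather than a verdict, since a public resolver set on the adapter can be legitimate.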
03.07.2008, 08:15 | #15 |
/// AVZ-Toolkit Guru | Instructions for Avenger (by swandog46). Download the Avenger tool and save it to your desktop:
Code:
Folders to delete:
F:\Programme 03\Security\TROJAN-SCANNER
Afterwards, please post a fresh HJT log.
__________________
- All help given in this forum is provided without warranty or liability - |