AntiVir no longer worked but cannot be completely removed

  • #21
if the machine really was/is infected, and you then installed SP2 on top of the infected machine, the only thing that helps anyway is formatting...
 
  • #22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:46, on 21.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\phonostar\ps_timer.exe
C:\Programme\Brother\ControlCenter3\brccMCtl.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Nicki\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [autoload] C:\Dokumente und Einstellungen\Nicki\cftmon.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Programme\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [autoload] C:\Dokumente und Einstellungen\Nicki\cftmon.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Programme\Messenger\MSMSGS.EXE /background
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Dokumente und Einstellungen\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) -
O20 - Winlogon Notify: bltesisxx - ioiychnb.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Taskplaner (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8062 bytes
Created on: 21.10.08 at 20:31:31

Silent Runners.vbs, revision 58,
Operating System: Windows XP
Output limited to non-default values, except where indicated by {++}


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
PhonostarAgent = C:\Programme\phonostar\ps_agent.exe [phonostar]
PhonostarTimer = C:\Programme\phonostar\ps_timer.exe [phonostar]
autoload = C:\Dokumente und Einstellungen\Nicki\cftmon.exe [file not found]
MSMSGS = C:\Programme\Messenger\MSMSGS.EXE /background [MS]
ntuser = C:\WINDOWS\system32\drivers\spools.exe [file not found]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
ATIModeChange = Ati2mdxx.exe [ATI Technologies, Inc.]
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [ATI Technologies, Inc.]
MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [McAfee Security]
zBrowser Launcher = C:\Programme\Logitech\iTouch\iTouch.exe [Logitech Inc.]
Logitech Utility = Logi_MwX.Exe [Logitech Inc.]
autoload = C:\Dokumente und Einstellungen\Nicki\cftmon.exe [file not found]
Media Codec Update Service = C:\Programme\Essentials Codec Pack\update.exe -silent [MediaCodec.Org]
BrMfcWnd = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [Brother Industries, Ltd.]
ControlCenter3 = C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun [Brother Industries, Ltd.]
ntuser = C:\WINDOWS\system32\drivers\spools.exe [file not found]
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [ALWIL Software]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = Yahoo! Toolbar Helper
\InProcServer32\(Default) = C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [file not found]
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = XTTBPos00
-> {HKLM...CLSID} = XTTBPos00 Class
\InProcServer32\(Default) = C:\PROGRA~1\ICQTOO~1\toolbaru.dll [IE Toolbar]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = AcroIEHlprObj Class
\InProcServer32\(Default) = C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\SPYBOT~1\SDHelper.dll [Safer Networking Limited]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{42071714-76d4-11d1-8b24-00a0c9068ff3} = CPL-Erweiterung für Anzeigeverschiebung
-> {HKLM...CLSID} = CPL-Erweiterung für Anzeigeverschiebung
\InProcServer32\(Default) = deskpan.dll [file not found]
{88895560-9AA2-1069-930E-00AA0030EBC8} = Erweiterung für HyperTerminal-Icons
-> {HKLM...CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\System32\hticons.dll [Hilgraeve, Inc.]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
-> {HKLM...CLSID} = RealOne Player Context Menu Class
\InProcServer32\(Default) = C:\Programme\Real\RealOne Player\rpshellext.dll [RealNetworks]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} = RecordNow! SendToExt
-> {HKLM...CLSID} = RecordNow! SendToExt
\InProcServer32\(Default) = c:\Apps\RecordNow\shlext.dll [null data]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM...CLSID} = Outlook-Dateisymbolerweiterung
\InProcServer32\(Default) = C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Programme\Microsoft Office\Office10\msohev.dll [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Programme\Alwil Software\Avast4\ashShell.dll [ALWIL Software]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> bltesisxx\DLLName = ioiychnb.dll [file not found]
<<!>> dimsntfy\DLLName = C:\WINDOWS\System32\dimsntfy.dll [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Programme\Alwil Software\Avast4\ashShell.dll [ALWIL Software]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Programme\Alwil Software\Avast4\ashShell.dll [ALWIL Software]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

shutdownwithoutlogon = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

undockwithoutlogon = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Dokumente und Einstellungen\Nicki\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\System32\sspipes.scr [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

FunMultiMediaHandler\
Provider = MultiMedia Manager
ProgID = FUNBOX.Autoplay
HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = {DF866F1F-10DF-4694-94A9-7F526FC8800A}
-> {HKLM...CLSID} = FUNBOX Autoplay Sample 2
\LocalServer32\(Default) = C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe [file not found]

MSVideoCameraArrival\
Provider = @C:\Programme\Movie Maker\1031\wmm2res.dll,-100
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = C:\Programme\Movie Maker\moviemk.exe /RECORD
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM...CLSID} = ShellExecute HW Event Handler
\LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

PCinemaDCameraArrival\
Provider = PowerCinema
InvokeProgID = Picture
InvokeVerb = PlayWithPowerCinema
HKLM\SOFTWARE\Classes\Picture\shell\PlayWithPowerCinema\Command\(Default) = c:\Apps\Powercinema\PCM3.exe DSC [CyberLink Corp.]

PCinemaDVArrival\
Provider = PowerCinema
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = c:\Apps\Powercinema\PCM3.exe DV
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM...CLSID} = ShellExecute HW Event Handler
\LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

PCinemaMediaFilesArrival\
Provider = PowerCinema
InvokeProgID = MeidaFiles
InvokeVerb = BrowseWithPowerCinema
HKLM\SOFTWARE\Classes\MeidaFiles\shell\BrowseWithPowerCinema\Command\(Default) = c:\Apps\Powercinema\PCM3.exe [CyberLink Corp.]

PCinemaPlayCDAudioOnArrival\
Provider = PowerCinema
InvokeProgID = AudioCD
InvokeVerb = PlayWithPowerCinema
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = c:\Apps\Powercinema\PCM3.exe CD %L [CyberLink Corp.]

PCinemaPlayDVDMovieOnArrival\
Provider = PowerCinema
InvokeProgID = DVD
InvokeVerb = PlayWithPowerCinema
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerCinema\Command\(Default) = c:\Apps\Powercinema\PCM3.exe MOVIE %L [CyberLink Corp.]

PPDVArrival\
Provider = @C:\apps\CyberLink\PowerProducer\Producer.exe,-2
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = C:\apps\CyberLink\PowerProducer\Producer.exe
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM...CLSID} = ShellExecute HW Event Handler
\LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

RPCDBurningOnArrival\
Provider = RealOne Player
InvokeProgID = RealPlayer.CDBurn.6
InvokeVerb = open
HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = C:\Programme\Real\RealOne Player\RealPlay.exe /burn %1 [RealNetworks, Inc.]

RPPlayCDAudioOnArrival\
Provider = RealOne Player
InvokeProgID = RealPlayer.AudioCD.6
InvokeVerb = play
HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = C:\Programme\Real\RealOne Player\RealPlay.exe /play %1 [RealNetworks, Inc.]

RPPlayDVDMovieOnArrival\
Provider = RealOne Player
InvokeProgID = RealPlayer.DVD.6
InvokeVerb = play
HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = C:\Programme\Real\RealOne Player\RealPlay.exe /dvd %1 [RealNetworks, Inc.]

RPPlayMediaOnArrival\
Provider = RealOne Player
InvokeProgID = RealPlayer.AutoPlay.6
InvokeVerb = open
HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = C:\Programme\Real\RealOne Player\RealPlay.exe /autoplay %1 [RealNetworks, Inc.]

SonicRnCdOnArrival\
Provider = Sonic RecordNow!
InvokeProgID = Sonic.RecordNow
InvokeVerb = open
HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\open\Command\(Default) = c:\Apps\RecordNow\RecordNow.exe [null data]


Enabled Scheduled Tasks:
------------------------

HDReg -> launches: c:\Apps\HDReg\HDRegRem.exe [null data]
Registrierungserinnerung 1 -> launches: C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:1 [MS]
Registrierungserinnerung 2 -> launches: C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2 [MS]
Registrierungserinnerung 3 -> launches: C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{855F3B16-6D32-4FE6-8A56-BBB695989046}
-> {HKLM...CLSID} = ICQ Toolbar
\InProcServer32\(Default) = C:\PROGRA~1\ICQTOO~1\toolbaru.dll [IE Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
-> {HKLM...CLSID} = Yahoo! Toolbar
\InProcServer32\(Default) = C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [file not found]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = (no title provided)
-> {HKLM...CLSID} = Yahoo! Toolbar
\InProcServer32\(Default) = C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [file not found]
{855F3B16-6D32-4FE6-8A56-BBB695989046} = (no title provided)
-> {HKLM...CLSID} = ICQ Toolbar
\InProcServer32\(Default) = C:\PROGRA~1\ICQTOO~1\toolbaru.dll [IE Toolbar]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
MenuText = Sun Java Konsole
CLSIDExtension = {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
ButtonText = ICQ6
MenuText = ICQ6
Exec = C:\Programme\ICQ6\ICQ.exe [ICQ, Inc.]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
ButtonText = Messenger
MenuText = Windows Messenger
Exec = C:\Programme\Messenger\msmsgs.exe [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> {855F3B16-6D32-4fe6-8A56-BBB695989046} = (no title provided)
-> {HKLM...CLSID} = ICQ Toolbar
\InProcServer32\(Default) = C:\PROGRA~1\ICQTOO~1\toolbaru.dll [IE Toolbar]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, C:\Programme\Alwil Software\Avast4\ashServ.exe [ALWIL Software]
avast! iAVS4 Control Service, aswUpdSv, C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [ALWIL Software]
avast! Mail Scanner, avast! Mail Scanner, C:\Programme\Alwil Software\Avast4\ashMaiSv.exe /service [ALWIL Software]
avast! Web Scanner, avast! Web Scanner, C:\Programme\Alwil Software\Avast4\ashWebSv.exe /service [ALWIL Software]
BlueSoleil Hid Service, BlueSoleil Hid Service, C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe [null data]
McAfee.com Personal Firewall Service, MpfService, C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [McAfee.com Corporation]
WAN Miniport (ATW) Service, WANMiniportService, C:\WINDOWS\wanmpsvc.exe [America Online, Inc.]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = FXSMON.DLL [MS]


---------- (launch time: 2008-10-21 20:34:16)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 228 seconds.
---------- (total run time: 327 seconds)
Created on: 21.10.08 at 20:41:02

Adobe Flash Player 9
Adobe Reader 6.0 - Deutsch
AntiVir/XP
AOL Deinstallation
avast! Antivirus
BlueSoleil
Brother MFL-Pro Suite
Compatibility Pack for the 2007 Office system
Die Sims - Tierisch gut drauf
Die Sims 2
Die Sims 2: Wilde Campus-Jahre
DivX Codec
DivX Converter
DivX Player
DivX Web Player
HijackThis 2.0.2
Hotfix für Windows XP (KB952287)
HS Nettoeinkommen Pro 2006 - Version 14.03
ICQ Toolbar
ICQ6
InstallRTC
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.2_01
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
McAfee Personal Firewall Plus
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional mit FrontPage
MindManager Smart
Mozilla Firefox (2.0.0.17)
MSXML 4.0 SP2 (KB936181)
Packard Bell InfoCentre
PaperPort Image Printer
phonostar-Player Version 2.01.0
PowerQuest PartitionMagic 8.0
QuickTime
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Sicherheitsupdate für Step by Step Interactive Training (KB898458)
Sicherheitsupdate für Step by Step Interactive Training (KB923723)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Media Player 9 (KB917734)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953838)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB957095)
Sonic RecordNow!
Spybot - Search & Destroy 1.4 beta 2
TIPP10 Version 2.0.1
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
VeryPDF PDF2Word v3.0
Viewpoint Media Player
Winamp (remove only)
Windows Essentials Media Codec Pack 1.0
Windows Internet Explorer 7
Windows XP Service Pack 3

Created on: 21.10.08 at 20:45:38

so, now I'm really curious what replies are going to come my way.
unfortunately I have to go out again now and can only check the replies tomorrow and, if necessary, act on them, so don't be cross, but I have a few other things to do besides sitting in front of the PC, even if this time it is really instructive and exciting for me.

regards

and see you tomorrow

Logo
 
  • #23
that doesn't look good :(
 
  • #24
that doesn't look good

When Schrauber says it like that, oh dear. Could this be the first case of a Schrauber capitulation :-? - I really hope not.

But quite apart from the nasty things romping around in there. The machine definitely needs a fresh install. Given everything that's on it. Cleaning up, the way it looks to me, isn't really possible anymore.

One more tip, in case of a reinstall. If your daughter absolutely needs ICQ, Yahoo and whatever other messengers (which is perfectly fine) - find out beforehand how to avoid installing all those unwanted hangers-on like toolbars etc. in the first place. Or consider an alternative like Trillian.

Regards

Nick
 
  • #25
hi,

the malware could be removed ;)

what I'm wondering is to what extent installing SP2 on this infected crate has wrecked the operating system. because malware likes to do that when you install updates in that state.

if the OP wants to attempt a cleanup, please run the combofix tool from the page with the guides and post the log.
 