Bluescreen Virus

This topic Bluescreen Virus in the forum "Viren, Trojaner, Spyware etc." was created by balou, 27 Sep 2008.


  1. Hello!

    I have the same problem and would be very grateful for help.

    Thanks!

    Best regards,
    balou
    ***************

    Code:
    Here is my logfile from HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:19:34, on 27.09.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [recinfo644] c:\RecInfo\RecInfo.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [lphc1noj0eeeq] C:\Windows\system32\lphc1noj0eeeq.exe
    O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup
    O4 - HKCU\..\Run: [Device Detection] C:\Program Files\LIDL Fotoservice\dd.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->NETZWERKDIENST')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix: 
    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: haufereader - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: fVJpOIn - {B2E76F62-184D-C5C8-C624-2264A309BA83} - (no file)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FSCLBaseUpdaterService - Unknown owner - c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    
    --
    End of file - 7769 bytes
    *Split off from the topic "Bluescreen-Virus als Bildschirmschoner":
    http://www.wintotal-forum.de/index.php/topic,147629.0.html
     
  2. Hello,

    thanks for the quick reply.

    The display settings are already working again. Great!

    Here are the logs:

    Malwarebytes Anti-Malware:

    Malwarebytes' Anti-Malware 1.28
    Datenbank Version: 1212
    Windows 6.0.6000

    27.09.2008 18:04:12
    mbam-log-2008-09-27 (18-04-12).txt

    Scan-Methode: Vollständiger Scan (C:\|D:\|)
    Durchsuchte Objekte: 162588
    Laufzeit: 1 hour(s), 39 minute(s), 26 second(s)

    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 2
    Infizierte Registrierungswerte: 4
    Infizierte Dateiobjekte der Registrierung: 2
    Infizierte Verzeichnisse: 11
    Infizierte Dateien: 3

    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel:
    HKEY_LOCAL_MACHINE\SOFTWARE\rhc5noj0eeeq (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Infizierte Registrierungswerte:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc5noj0eeeq (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc1noj0eeeq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Infizierte Dateiobjekte der Registrierung:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Infizierte Verzeichnisse:
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Infizierte Dateien:
    C:\Windows\System32\blphc1noj0eeeq.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\phc1noj0eeeq.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Dirk Krumdieck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

    Posted on: 27.09.08 at 18:17:33

    RSIT Log Part 1

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Dirk Krumdieck at 2008-09-27 18:11:25
    Microsoft® Windows Vista™ Home Premium
    System drive C: has 39 GB (26%) free of 152 GB
    Total RAM: 2046 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:11:32, on 27.09.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Dirk Krumdieck\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Dirk Krumdieck.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [recinfo644] c:\RecInfo\RecInfo.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup
    O4 - HKCU\..\Run: [Device Detection] C:\Program Files\LIDL Fotoservice\dd.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->NETZWERKDIENST')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: haufereader - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: fVJpOIn - {B2E76F62-184D-C5C8-C624-2264A309BA83} - (no file)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FSCLBaseUpdaterService - Unknown owner - c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 7717 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-17 2427968]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    Windows Defender=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-07 1006264]
    StartCCC=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    RtHDVCpl=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
    SMSERIAL=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
    IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-05-04 174872]
    IaNvSrv=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2007-05-04 33048]
    Adobe Reader Speed Launcher=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
    NeroFilterCheck=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
    recinfo644=c:\RecInfo\RecInfo.exe [2007-10-23 2764800]
    WinampAgent=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
    SunJavaUpdateSched=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    LexwareInfoService=C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2007-09-25 532776]
    Windows Mobile-based device management=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
    avgnt=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    SSBkgdUpdate=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
    OpwareSE4=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    ehTray.exe=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
    swg=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-01-17 171448]
    Speech Recognition=C:\Windows\Speech\Common\sapisvr.exe [2006-11-02 49664]
    Device Detection=C:\Program Files\LIDL Fotoservice\dd.exe []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Acrobat Assistant.lnk - C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
    Posted on: 27.09.08 at 18:19:27

    RSIT Log Part 2


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    fVJpOIn - {B2E76F62-184D-C5C8-C624-2264A309BA83}

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    NoDispScrSavPage=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    EnableLUA=0
    dontdisplaylastusername=0
    legalnoticecaption=
    legalnoticetext=
    shutdownwithoutlogon=1
    undockwithoutlogon=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe=C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2008-09-27 18:11:25 ----D---- C:\rsit
    2008-09-27 16:52:14 ----A---- C:\Windows\dirsaver.ini
    2008-09-27 14:39:53 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\Malwarebytes
    2008-09-27 14:39:48 ----D---- C:\ProgramData\Malwarebytes
    2008-09-27 14:39:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-27 14:19:15 ----D---- C:\Program Files\Trend Micro
    2008-09-27 14:10:43 ----A---- C:\Windows\system32\javaws.exe
    2008-09-27 14:10:43 ----A---- C:\Windows\system32\javaw.exe
    2008-09-27 14:10:43 ----A---- C:\Windows\system32\java.exe
    2008-09-27 13:43:48 ----A---- C:\Windows\ntbtlog.txt
    2008-09-27 12:59:20 ----A---- C:\Windows\sreensaver.exe
    2008-09-27 12:59:20 ----A---- C:\Windows\gscr.dll
    2008-09-20 18:07:49 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\Skype
    2008-09-20 18:07:21 ----D---- C:\Program Files\Common Files\Skype
    2008-09-20 17:52:05 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\skypePM
    2008-09-20 17:48:11 ----D---- C:\Program Files\Skype
    2008-09-20 17:46:59 ----D---- C:\ProgramData\Skype
    2008-09-10 06:39:24 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-09-07 19:56:59 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\fotoclicks Publisher Komplett
    2008-09-06 19:51:18 ----A---- C:\mandant.ini
    2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippsa611.dll
    2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippja611.dll
    2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippia611.dll
    2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippcva611.dll
    2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippsra611.dll
    2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippsr11.dll
    2008-09-06 19:21:25 ----A---- C:\Windows\system32\ipps11.dll
    2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippj11.dll
    2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippi11.dll
    2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippcv11.dll
    2008-09-06 19:21:24 ----A---- C:\Windows\system32\IPPCPUID.DLL
    2008-09-06 19:21:19 ----A---- C:\Windows\IsUninst.exe
    2008-09-06 19:21:11 ----A---- C:\Windows\system32\unidrv.dll
    2008-09-06 19:21:11 ----A---- C:\Windows\system32\PMDrvStr.ini
    2008-09-06 19:21:11 ----A---- C:\Windows\system32\NSPdf32.dll
    2008-09-06 19:21:10 ----A---- C:\Windows\system32\NSPDF16.DLL
    2008-09-06 19:21:10 ----A---- C:\Windows\system32\ijl15.dll
    2008-09-06 19:21:10 ----A---- C:\Windows\system32\ICONLIB.DLL
    2008-09-06 19:21:03 ----A---- C:\Windows\system32\pmsbfn32.dll
    2008-09-06 19:20:01 ----D---- C:\Program Files\Common Files\PDFView
    2008-09-06 19:19:58 ----D---- C:\Windows\system32\color
    2008-09-06 19:19:58 ----D---- C:\Program Files\NewSoft
    2008-09-06 19:18:59 ----A---- C:\Windows\MAXLINK.INI
    2008-09-06 19:18:56 ----D---- C:\ProgramData\InstallShield
    2008-09-06 19:18:55 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\ScanSoft
    2008-09-06 19:18:43 ----D---- C:\ProgramData\ScanSoft
    2008-09-06 19:18:43 ----D---- C:\Program Files\Common Files\ScanSoft Shared
    2008-09-06 19:18:00 ----D---- C:\Program Files\ScanSoft
    2008-09-06 19:17:16 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\ArcSoft
    2008-09-06 19:16:38 ----D---- C:\Program Files\Common Files\CANON
    2008-09-06 19:14:12 ----D---- C:\Program Files\ArcSoft
    2008-09-06 19:14:12 ----A---- C:\Windows\PCDLIB32.DLL
    2008-09-06 19:08:46 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
    2008-09-06 19:08:36 ----HD---- C:\Program Files\CanonBJ
    2008-08-30 16:43:53 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\fotobuch.de AG
    2008-08-30 16:43:53 ----D---- C:\ProgramData\fotobuch.de AG
    2008-08-30 16:41:10 ----D---- C:\Windows\system32\artworks
    2008-08-30 16:41:10 ----D---- C:\Program Files\fotobuch.de AG
    2008-08-30 12:09:29 ----D---- C:\Program Files\LIDL Fotoservice

    ======List of files/folders modified in the last 1 months======

    2008-09-27 18:11:27 ----D---- C:\Windows\Temp
    2008-09-27 18:08:49 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-27 18:08:19 ----RSD---- C:\Windows\assembly
    2008-09-27 18:06:48 ----RD---- C:\Program Files
    2008-09-27 18:06:48 ----D---- C:\Windows\system32\drivers
    2008-09-27 18:04:12 ----D---- C:\Windows\System32
    2008-09-27 16:52:14 ----D---- C:\Windows
    2008-09-27 14:39:48 ----D---- C:\ProgramData
    2008-09-27 14:17:47 ----SHD---- C:\System Volume Information
    2008-09-27 14:11:02 ----SHD---- C:\Windows\Installer
    2008-09-27 14:10:43 ----D---- C:\Program Files\Java
    2008-09-27 12:59:22 ----D---- C:\Windows\Prefetch
    2008-09-27 09:34:42 ----D---- C:\Windows\Minidump
    2008-09-27 08:32:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-09-27 08:32:21 ----D---- C:\Windows\inf
    2008-09-26 18:42:13 ----A---- C:\Windows\winamp.ini
    2008-09-24 07:34:43 ----A---- C:\Windows\NeroDigital.ini
    2008-09-20 18:16:30 ----D---- C:\Windows\system32\WDI
    2008-09-20 18:07:21 ----D---- C:\Program Files\Common Files
    2008-09-20 18:06:46 ----D---- C:\Windows\system32\Tasks
    2008-09-19 06:37:27 ----D---- C:\Windows\system32\catroot2
    2008-09-16 20:31:17 ----SD---- C:\Windows\Downloaded Program Files
    2008-09-11 03:01:16 ----D---- C:\Windows\winsxs
    2008-09-10 06:38:39 ----D---- C:\Windows\system32\catroot
    2008-09-06 19:20:51 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-06 19:18:43 ----D---- C:\Program Files\Common Files\InstallShield
    2008-09-06 19:15:40 ----D---- C:\Program Files\Canon
    2008-08-31 07:25:40 ----D---- C:\Windows\rescache
    2008-08-31 07:08:58 ----D---- C:\Windows\system32\de-DE
    2008-08-30 17:34:15 ----D---- C:\Program Files\Panda Security
    2008-08-30 16:43:26 ----RSD---- C:\Windows\Fonts

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 2589696]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
    R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-07 14208]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
    R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-02-16 70144]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-07 11264]
    S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
    S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
    S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
    S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
    S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
    S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-24 149761]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-04-11 593920]
    R2 FSCLBaseUpdaterService;FSCLBaseUpdaterService; c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-05-04 355096]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
    R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-17 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]


    Created on: 27.09.08 at 18:21:31

    RSIT Info

    info.txt logfile of random's system information tool 1.02 2008-09-27 18:11:35

    ======Uninstall list======

    -->C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup C:\Program Files\InstallShield Installation Information\{4269E12F-3405-48E9-83A5-A2BBAA23FDFA}\setup.exe -l0x7 -removeonly
    Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe -l0x7
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    CanoScan 4400F-->C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803\DelDrv.exe /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803 /L0x0007
    Designer 2.0-->C:\Program Files\fotobuch.de AG\Designer 2.0\unins000.exe
    HijackThis 2.0.2-->C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /uninstall
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Malwarebytes' Anti-Malware-->C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
    Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Presto! PageManager 7.15.13-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup C:\Program Files\InstallShield Installation Information\{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}\PMSetup.exe -l0x7 anything -removeonly
    ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    sreensaver ScreenSaver-->C:\Windows\sreensaver.scr /U

    ======Security center information======

    AV: Avira AntiVir PersonalEdition
    AS: Avira AntiVir PersonalEdition (outdated)
    AS: Windows-Defender

    ======Environment variables======

    ComSpec=%SystemRoot%\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    OS=Windows_NT
    Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Haufe\iDesk\iDeskService\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    TEMP=%SystemRoot%\TEMP
    TMP=%SystemRoot%\TEMP
    USERNAME=SYSTEM
    windir=%SystemRoot%
    PROCESSOR_LEVEL=6
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
    PROCESSOR_REVISION=0f0a
    NUMBER_OF_PROCESSORS=2

    -----------------EOF-----------------
     
  3. http://siri.urz.free.fr/Fix/SmitfraudFix_De.php

    Download SmitfraudFix from this page and work through it as follows:

    Search:

    • Double-click SmitfraudFix.exe
    • Choose 1 and press Enter to get a report of the infected files. This report is to be saved as C:\rapport-1.txt


    Post the report here
     
  4. I did that.

    Here is the log.

    SmitFraudFix v2.354

    Scan done at 20:49:41,47, 27.09.2008
    Run from C:\Users\Dirk Krumdieck\SmitfraudFix
    OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Dirk Krumdieck


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Dirk Krumdieck\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\DIRKKR~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, following keys are not inevitably infected!!!



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs=
    LoadAppInit_DLLs=dword:00000000


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Userinit=C:\\Windows\\system32\\userinit.exe,


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6B2A1C07-F996-4CCF-8949-4CA1AE325C64}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B38609BA-F1A6-4F75-B995-69298985B85A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6B2A1C07-F996-4CCF-8949-4CA1AE325C64}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B38609BA-F1A6-4F75-B995-69298985B85A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{6B2A1C07-F996-4CCF-8949-4CA1AE325C64}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B38609BA-F1A6-4F75-B995-69298985B85A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
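The last three sections SmitfraudFix prints (AppInit_DLLs, Winlogon/Userinit and DNS) are classic persistence and redirection points, which is why the tool lists them even on a clean machine, with the "not inevitably infected" warning. The following Python script is an added example, not part of the thread or of SmitfraudFix: it parses a report excerpt in that format and compares the values with those of a clean 32-bit Vista install on drive C: (empty AppInit_DLLs, LoadAppInit_DLLs 0, Userinit pointing only at system32\userinit.exe, DNS servers from the RFC 1918 ranges a home router hands out). The clean sample is constructed from the report above; the tampered sample, including the DLL name, the second Userinit binary and the 203.0.113.5 resolver, is invented to show what each finding looks like.

```python
"""Check the persistence points a SmitfraudFix report lists.

Added example, not from the thread or from SmitfraudFix: parses the
AppInit_DLLs, Winlogon and DNS sections of a SmitfraudFix-style report and
compares them with the values a clean 32-bit Windows Vista install has.
"""
import ipaddress
import re

# Constructed from the clean report posted above (same line formats).
SAMPLE_CLEAN = r"""
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs=
LoadAppInit_DLLs=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit=C:\\Windows\\system32\\userinit.exe,

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6B2A1C07-F996-4CCF-8949-4CA1AE325C64}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
"""

# Constructed tampered variant. The DLL name, the second Userinit binary and
# the 203.0.113.5 resolver are invented, not taken from the thread.
SAMPLE_TAMPERED = (
    SAMPLE_CLEAN
    .replace("AppInit_DLLs=\n", r"AppInit_DLLs=C:\\Windows\\system32\\evil.dll" + "\n")
    .replace("LoadAppInit_DLLs=dword:00000000", "LoadAppInit_DLLs=dword:00000001")
    .replace(r"Userinit=C:\\Windows\\system32\\userinit.exe,",
             r"Userinit=C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\svhost.exe,")
    .replace("{6B2A1C07-F996-4CCF-8949-4CA1AE325C64}: DhcpNameServer=192.168.2.1",
             "{6B2A1C07-F996-4CCF-8949-4CA1AE325C64}: DhcpNameServer=203.0.113.5")
)

# Defaults assumed for a 32-bit Vista install on drive C:.
EXPECTED_USERINIT = r"C:\Windows\system32\userinit.exe"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DNS_RE = re.compile(r"(?:NameServer|DNS Server Search Order)[=:]\s*(\S.*)$")


def _unescape(value):
    """SmitfraudFix prints REG_SZ values with doubled backslashes."""
    return value.replace("\\\\", "\\")


def parse_report(text):
    """Pull the checked values out of the three sections into a dict."""
    found = {"appinit": None, "load_appinit": None, "userinit": None, "dns": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("AppInit_DLLs="):
            found["appinit"] = _unescape(line.split("=", 1)[1])
        elif line.startswith("LoadAppInit_DLLs=dword:"):
            found["load_appinit"] = int(line.split("dword:", 1)[1], 16)
        elif line.startswith("Userinit="):
            found["userinit"] = _unescape(line.split("=", 1)[1])
        else:
            m = DNS_RE.search(line)
            if m:
                found["dns"].extend(ip for ip in re.split(r"[ ,]+", m.group(1)) if ip)
    return found


def audit(text):
    """Return a list of findings; an empty list means every checked
    persistence point matches the clean default."""
    r = parse_report(text)
    findings = []
    if r["appinit"]:
        findings.append("AppInit_DLLs is non-empty: %s" % r["appinit"])
    if r["load_appinit"]:
        findings.append("LoadAppInit_DLLs is enabled (%d)" % r["load_appinit"])
    if r["userinit"] is not None:
        # The trailing comma is normal; anything after it is an extra binary
        # that winlogon launches at every logon.
        entries = [e.strip().lower() for e in r["userinit"].split(",") if e.strip()]
        if entries != [EXPECTED_USERINIT.lower()]:
            findings.append("Userinit deviates from default: %s" % r["userinit"])
    for ip in sorted(set(r["dns"])):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append("unparseable DNS entry: %r" % ip)
            continue
        # A home router hands out an RFC 1918 address. A public resolver is
        # not proof of a DNS changer, but it must be identified.
        if not any(addr in net for net in RFC1918):
            findings.append("DNS server outside RFC 1918: %s" % ip)
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_TAMPERED):
        print(audit(sample) or ["clean"])
```

The script only checks the values the report already printed; it does not read the live registry, so the same check can be run on reports posted by others.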
     
  5. It is not dangerous (harmful), as HijackThis.de shows
    http://www.wintotal.de/Spyware/index.php?Filter=R#Spyware14039
    it belongs to Fujitsu Siemens Computers.

    pan_fee
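The post above settles a flagged entry by looking it up and attributing it to the vendor (Fujitsu Siemens Computers). The RSIT service list earlier in the thread shows why such entries get flagged in the first place: TestHandler runs from C:\firststeps\..., outside both Program Files and Windows. The Python script below is an added example, not part of the thread or of RSIT; it parses RSIT's driver/service lines, flags binaries outside the two standard roots of this 32-bit Vista system, and then drops entries that have been reviewed and placed on an allowlist, which is exactly what the lookup above does by hand. The sample lines are copied from the RSIT output above, plus one invented entry (Sysupd, under a user's Temp directory) to show what an unreviewed hit looks like.

```python
"""Triage RSIT driver/service lines by where their binaries live.

Added example, not part of the original thread or of RSIT. Every line in
RSIT's "List of drivers" and "List of services" has the shape

    <state> <name>;<description>; <image path> [<date> <size>]

The parser pulls out the image path and flags entries whose binary is not
under the Windows or Program Files tree. That is only a first pass: the
thread shows a vendor diagnostic (TestHandler under C:\firststeps) that
trips the rule and is benign, so a reviewed allowlist is applied afterwards.
"""
import re

# Constructed sample: lines copied from the RSIT list posted above plus one
# hypothetical entry (Sysupd). The Sysupd name and path are invented.
SAMPLE_RSIT = r"""
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R2 FSCLBaseUpdaterService;FSCLBaseUpdaterService; c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
R2 Sysupd;Sysupd; C:\Users\user\AppData\Local\Temp\sysupd.exe [2008-09-20 45056]
"""

# "<state> <name>;<description>; <rest>", state is R/S plus start type 0-4.
LINE_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]*);(?P<desc>[^;]*);\s*(?P<rest>.*)$")
# Optional NT object prefix "\??\", then the image up to .exe/.sys/.dll;
# anything after a space is a command-line argument (e.g. "/h ccCommon").
IMAGE_RE = re.compile(r"^(?:\\\?\?\\)?(?P<path>.+?\.(?:exe|sys|dll))(?=\s|$)", re.IGNORECASE)
# 32-bit Vista on drive C: as in the thread; an x64 box also has
# "c:\program files (x86)\".
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_entry(line):
    """Return (state, name, image_path) for one RSIT line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", m.group("rest"))  # drop "[date size]"
    img = IMAGE_RE.match(rest)
    path = img.group("path") if img else rest
    return m.group("state"), m.group("name"), path


def is_in_trusted_root(path):
    """Case-insensitive prefix match; the trailing backslash in the root
    keeps e.g. c:\windows.old\ from matching."""
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def triage(report, known_good=frozenset()):
    """Return entries whose binary lives outside the trusted roots and is
    not on the reviewed allowlist, as (state, name, path) tuples."""
    allow = {k.lower() for k in known_good}
    hits = []
    for line in report.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        _state, _name, path = entry
        if is_in_trusted_root(path) or path.lower() in allow:
            continue
        hits.append(entry)
    return hits


if __name__ == "__main__":
    # Before review: TestHandler and Sysupd. After the vendor lookup clears
    # TestHandler, only the invented Temp-directory entry remains.
    reviewed = {r"C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe"}
    for state, name, path in triage(SAMPLE_RSIT, known_good=reviewed):
        print(state, name, path)
```

Path location is a weak signal on its own: legitimate OEM tools live in odd places and malware happily installs into Program Files. It is useful only for deciding which entries to look up first, as was done for the Fujitsu Siemens entry above.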
     
  6. What problem can actually be read from the logs?
    At the moment I at least can't notice any impairment on the computer.

    Please give me a quick update.

    Thank you!

    balou
     
  7. Removing the symptoms doesn't mean the malware is gone. We still have a bit of work to do :).
     
  8. Here is the F-Secure log, for a start:

    Scanning Report
    Saturday, September 27, 2008 21:36:01 - 01:19:32

    Computer name: KRUMDIECK
    Scanning type: Scan system for malware, rootkits
    Target: C:\ D:\
    Result: 11 malware found
    RiskTool.Win32.Reboot (spyware)

    * System

    Rogue:W32/IeDefender.CT (spyware)

    * System

    TrackingCookie.2o7 (spyware)

    * System

    TrackingCookie.Adtech (spyware)

    * System

    TrackingCookie.Advertising (spyware)

    * System

    TrackingCookie.Atdmt (spyware)

    * System

    TrackingCookie.Doubleclick (spyware)

    * System

    TrackingCookie.Mediaplex (spyware)

    * System

    TrackingCookie.Statcounter (spyware)

    * System

    TrackingCookie.Tradedoubler (spyware)

    * System

    TrackingCookie.Yieldmanager (spyware)

    * System

    Statistics
    Scanned:

    * Files: 52943
    * System: 3944
    * Not scanned: 23

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 11
    * Submitted: 0

    Files not scanned:

    * C:\HIBERFIL.SYS
    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    * C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    * C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    * C:\USERS\DIRK KRUMDIECK\APPDATA\LOCAL\TEMP\ETILQS_REOWEMZKFN463ZGAIHIK
    * C:\USERS\DIRK KRUMDIECK\APPDATA\LOCAL\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{2879C0FB-AA8D-4BB2-BA30-A5371C6E6265}
    * C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24B1949B4CD8FF5CC5E06B8961DDBF25_E1667C8A-7BEF-4856-96A4-80DCFF3DF4A7
    * C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A652BC2F4BF5602FE6AC5B64F30F381E_E1667C8A-7BEF-4856-96A4-80DCFF3DF4A7
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24B1949B4CD8FF5CC5E06B8961DDBF25_E1667C8A-7BEF-4856-96A4-80DCFF3DF4A7
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A652BC2F4BF5602FE6AC5B64F30F381E_E1667C8A-7BEF-4856-96A4-80DCFF3DF4A7
    * C:\BOOT\BCD

    Options
    Scanning engines:

    * F-Secure USS: 2.30.0
    * F-Secure Hydra: 2.8.8110, 2008-09-27
    * F-Secure AVP: 7.0.171, 2008-09-26
    * F-Secure Pegasus: 1.20.0, 2008-08-09

    Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    * Use Advanced heuristics

    Created on: 28.09.08 at 12:15:30

    Here is the ESET log:

    Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean - deleted)
    C:\Users\Dirk Krumdieck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4733b815-31a7307a

    Dr. Web is running right now...

    Created on: 28.09.08 at 12:17:44

    I have a small problem I need help with.
    To run RSIT again, I would have to go through Start => Run => %userprofile%\desktop\rsit.exe /info.
    But on my Vista there is no Run entry in the Start menu anymore.

    Do you know how I should proceed then?

    Thank you!
     