Bluescreen Virus

Hallo!

Ich habe das gleiche Problem und wäre für Hilfe sehr dankbar.

Danke!

Viele Grüße,
balou
***************


*Abgetrennt vom Thema Bluescreen-Virus als Bildschirmschoner:
http://www.wintotal-forum.de/index.php/topic,147629.0.html

http://www.wintotal-forum.de/index.php/topic,147847.0.html

von dieser seite die anleitung für

malwareybytes und
RSIT

abarbeiten, logs posten.

Hallo,

danke für die schnelle Antwort.

Die Anzeigeeinstellungen gehen bereits wieder. Super!

Hier die Logs:

Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1212
Windows 6.0.6000

27.09.2008 18:04:12
mbam-log-2008-09-27 (18-04-12).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 162588
Laufzeit: 1 hour(s), 39 minute(s), 26 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 11
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\rhc5noj0eeeq (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc5noj0eeeq (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc1noj0eeeq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\rhc5noj0eeeq\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\blphc1noj0eeeq.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\phc1noj0eeeq.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Dirk Krumdieck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

[br][br]Erstellt am: 27.09.08 um 18:17:33

---

[br]RSIT Log Teil 1

Logfile of random's system information tool 1.02 (written by random/random)
Run by Dirk Krumdieck at 2008-09-27 18:11:25
Microsoft® Windows Vista™ Home Premium
System drive C: has 39 GB (26%) free of 152 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:32, on 27.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Dirk Krumdieck\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dirk Krumdieck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo644] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup
O4 - HKCU\..\Run: [Device Detection] C:\Program Files\LIDL Fotoservice\dd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->NETZWERKDIENST')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: fVJpOIn - {B2E76F62-184D-C5C8-C624-2264A309BA83} - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSCLBaseUpdaterService - Unknown owner - c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 7717 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-17 2427968]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
Windows Defender=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-07 1006264]
StartCCC=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
RtHDVCpl=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
SMSERIAL=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-05-04 174872]
IaNvSrv=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2007-05-04 33048]
Adobe Reader Speed Launcher=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
NeroFilterCheck=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
recinfo644=c:\RecInfo\RecInfo.exe [2007-10-23 2764800]
WinampAgent=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
SunJavaUpdateSched=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
LexwareInfoService=C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2007-09-25 532776]
Windows Mobile-based device management=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
avgnt=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
SSBkgdUpdate=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
OpwareSE4=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
ehTray.exe=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
swg=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-01-17 171448]
Speech Recognition=C:\Windows\Speech\Common\sapisvr.exe [2006-11-02 49664]
Device Detection=C:\Program Files\LIDL Fotoservice\dd.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[br][br]Erstellt am: 27.09.08 um 18:19:27

---

[br]RSIT log Teil 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
fVJpOIn - {B2E76F62-184D-C5C8-C624-2264A309BA83}

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
NoDispScrSavPage=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
EnableLUA=0
dontdisplaylastusername=0
legalnoticecaption=
legalnoticetext=
shutdownwithoutlogon=1
undockwithoutlogon=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe=C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*esigner.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-09-27 18:11:25 ----D---- C:\rsit
2008-09-27 16:52:14 ----A---- C:\Windows\dirsaver.ini
2008-09-27 14:39:53 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\Malwarebytes
2008-09-27 14:39:48 ----D---- C:\ProgramData\Malwarebytes
2008-09-27 14:39:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 14:19:15 ----D---- C:\Program Files\Trend Micro
2008-09-27 14:10:43 ----A---- C:\Windows\system32\javaws.exe
2008-09-27 14:10:43 ----A---- C:\Windows\system32\javaw.exe
2008-09-27 14:10:43 ----A---- C:\Windows\system32\java.exe
2008-09-27 13:43:48 ----A---- C:\Windows\ntbtlog.txt
2008-09-27 12:59:20 ----A---- C:\Windows\sreensaver.exe
2008-09-27 12:59:20 ----A---- C:\Windows\gscr.dll
2008-09-20 18:07:49 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\Skype
2008-09-20 18:07:21 ----D---- C:\Program Files\Common Files\Skype
2008-09-20 17:52:05 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\skypePM
2008-09-20 17:48:11 ----D---- C:\Program Files\Skype
2008-09-20 17:46:59 ----D---- C:\ProgramData\Skype
2008-09-10 06:39:24 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-07 19:56:59 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\fotoclicks Publisher Komplett
2008-09-06 19:51:18 ----A---- C:\mandant.ini
2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippsa611.dll
2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippja611.dll
2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippia611.dll
2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippcva611.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippsra611.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippsr11.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ipps11.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippj11.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippi11.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippcv11.dll
2008-09-06 19:21:24 ----A---- C:\Windows\system32\IPPCPUID.DLL
2008-09-06 19:21:19 ----A---- C:\Windows\IsUninst.exe
2008-09-06 19:21:11 ----A---- C:\Windows\system32\unidrv.dll
2008-09-06 19:21:11 ----A---- C:\Windows\system32\PMDrvStr.ini
2008-09-06 19:21:11 ----A---- C:\Windows\system32\NSPdf32.dll
2008-09-06 19:21:10 ----A---- C:\Windows\system32\NSPDF16.DLL
2008-09-06 19:21:10 ----A---- C:\Windows\system32\ijl15.dll
2008-09-06 19:21:10 ----A---- C:\Windows\system32\ICONLIB.DLL
2008-09-06 19:21:03 ----A---- C:\Windows\system32\pmsbfn32.dll
2008-09-06 19:20:01 ----D---- C:\Program Files\Common Files\PDFView
2008-09-06 19:19:58 ----D---- C:\Windows\system32\color
2008-09-06 19:19:58 ----D---- C:\Program Files\NewSoft
2008-09-06 19:18:59 ----A---- C:\Windows\MAXLINK.INI
2008-09-06 19:18:56 ----D---- C:\ProgramData\InstallShield
2008-09-06 19:18:55 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\ScanSoft
2008-09-06 19:18:43 ----D---- C:\ProgramData\ScanSoft
2008-09-06 19:18:43 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-09-06 19:18:00 ----D---- C:\Program Files\ScanSoft
2008-09-06 19:17:16 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\ArcSoft
2008-09-06 19:16:38 ----D---- C:\Program Files\Common Files\CANON
2008-09-06 19:14:12 ----D---- C:\Program Files\ArcSoft
2008-09-06 19:14:12 ----A---- C:\Windows\PCDLIB32.DLL
2008-09-06 19:08:46 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2008-09-06 19:08:36 ----HD---- C:\Program Files\CanonBJ
2008-08-30 16:43:53 ----D---- C:\Users\Dirk Krumdieck\AppData\Roaming\fotobuch.de AG
2008-08-30 16:43:53 ----D---- C:\ProgramData\fotobuch.de AG
2008-08-30 16:41:10 ----D---- C:\Windows\system32\artworks
2008-08-30 16:41:10 ----D---- C:\Program Files\fotobuch.de AG
2008-08-30 12:09:29 ----D---- C:\Program Files\LIDL Fotoservice

======List of files/folders modified in the last 1 months======

2008-09-27 18:11:27 ----D---- C:\Windows\Temp
2008-09-27 18:08:49 ----D---- C:\Program Files\Mozilla Firefox
2008-09-27 18:08:19 ----RSD---- C:\Windows\assembly
2008-09-27 18:06:48 ----RD---- C:\Program Files
2008-09-27 18:06:48 ----D---- C:\Windows\system32\drivers
2008-09-27 18:04:12 ----D---- C:\Windows\System32
2008-09-27 16:52:14 ----D---- C:\Windows
2008-09-27 14:39:48 ----D---- C:\ProgramData
2008-09-27 14:17:47 ----SHD---- C:\System Volume Information
2008-09-27 14:11:02 ----SHD---- C:\Windows\Installer
2008-09-27 14:10:43 ----D---- C:\Program Files\Java
2008-09-27 12:59:22 ----D---- C:\Windows\Prefetch
2008-09-27 09:34:42 ----D---- C:\Windows\Minidump
2008-09-27 08:32:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-27 08:32:21 ----D---- C:\Windows\inf
2008-09-26 18:42:13 ----A---- C:\Windows\winamp.ini
2008-09-24 07:34:43 ----A---- C:\Windows\NeroDigital.ini
2008-09-20 18:16:30 ----D---- C:\Windows\system32\WDI
2008-09-20 18:07:21 ----D---- C:\Program Files\Common Files
2008-09-20 18:06:46 ----D---- C:\Windows\system32\Tasks
2008-09-19 06:37:27 ----D---- C:\Windows\system32\catroot2
2008-09-16 20:31:17 ----SD---- C:\Windows\Downloaded Program Files
2008-09-11 03:01:16 ----D---- C:\Windows\winsxs
2008-09-10 06:38:39 ----D---- C:\Windows\system32\catroot
2008-09-06 19:20:51 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-06 19:18:43 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-06 19:15:40 ----D---- C:\Program Files\Canon
2008-08-31 07:25:40 ----D---- C:\Windows\rescache
2008-08-31 07:08:58 ----D---- C:\Windows\system32\de-DE
2008-08-30 17:34:15 ----D---- C:\Program Files\Panda Security
2008-08-30 16:43:26 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 2589696]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-07 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-02-16 70144]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-07 11264]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-24 149761]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-04-11 593920]
R2 FSCLBaseUpdaterService;FSCLBaseUpdaterService; c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-05-04 355096]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-17 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

[br][br]Erstellt am: 27.09.08 um 18:21:31

---

[br]RSIT Info

info.txt logfile of random's system information tool 1.02 2008-09-27 18:11:35

======Uninstall list======

-->C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup C:\Program Files\InstallShield Installation Information\{4269E12F-3405-48E9-83A5-A2BBAA23FDFA}\setup.exe -l0x7 -removeonly
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe -l0x7
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CanoScan 4400F-->C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803\DelDrv.exe /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803 /L0x0007
Designer 2.0-->C:\Program Files\fotobuch.de AG\Designer 2.0\unins000.exe
HijackThis 2.0.2-->C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Presto! PageManager 7.15.13-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup C:\Program Files\InstallShield Installation Information\{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}\PMSetup.exe -l0x7 anything -removeonly
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
sreensaver ScreenSaver-->C:\Windows\sreensaver.scr /U

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Avira AntiVir PersonalEdition (outdated)
AS: Windows-Defender

======Environment variables======

ComSpec=%SystemRoot%\system32\cmd.exe
FP_NO_HOST_CHECK=NO
OS=Windows_NT
Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Haufe\iDesk\iDeskService\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
TEMP=%SystemRoot%\TEMP
TMP=%SystemRoot%\TEMP
USERNAME=SYSTEM
windir=%SystemRoot%
PROCESSOR_LEVEL=6
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_REVISION=0f0a
NUMBER_OF_PROCESSORS=2

-----------------EOF-----------------

http://siri.urz.free.fr/Fix/SmitfraudFix_De.php

auf dieser seite smitfraudfix laden, und wie folgt abarbeiten:

Suche:

• Doppelklick auf die SmitfraudFix.exe
• Wähle die 1 und drücke auf Enter um einen Bericht der infizierten Dateien zu bekommen. Dieser Bericht soll gespeichert werden, als C:\rapport-1.txt

Bericht hier posten

Das habe ich gemacht.

Hier der Log.

SmitFraudFix v2.354

Scan done at 20:49:41,47, 27.09.2008
Run from C:\Users\Dirk Krumdieck\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Dirk Krumdieck


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Dirk Krumdieck\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\DIRKKR~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs=
LoadAppInit_DLLs=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit=C:\\Windows\\system32\\userinit.exe,


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6B2A1C07-F996-4CCF-8949-4CA1AE325C64}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B38609BA-F1A6-4F75-B995-69298985B85A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6B2A1C07-F996-4CCF-8949-4CA1AE325C64}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B38609BA-F1A6-4F75-B995-69298985B85A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6B2A1C07-F996-4CCF-8949-4CA1AE325C64}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B38609BA-F1A6-4F75-B995-69298985B85A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

O4 - HKLM\..\Run: [recinfo644] c:\RecInfo\RecInfo.exe

Zum Vergrößern anklicken....

recinfo644=c:\RecInfo\RecInfo.exe [2007-10-23 2764800]

Zum Vergrößern anklicken....

ist nicht gefährlich (schädlich), wie HijackThis.de anzeigt
http://www.wintotal.de/Spyware/index.php?Filter=R#Spyware14039
gehört zu Fujitsu Siemens Computers.

pan_fee

http://support.f-secure.com/ger/home/ols.shtml

http://www.eset.com/onlinescan/

diese beiden onlinescans machen, log posten.

====

http://www.wintotal-forum.de/index.php/topic,147847.0.html

von dieser seite anleitung für dr.web abarbeiten.

====

http://www.wintotal-forum.de/index.php/topic,147847.0.html

von dieser seite anleitung für erneutes laufen lassen von RSIT abarbeiten.

was kann man denn für ein Problem aus den Logs auslesen?
Aktuell kann ich zumindest keine Einschränkungen am Rechner feststellen.

Bitte kurz um Info.

Danke euch!

balou

Beseitigung der Symptome heißt nicht dass die malware weg ist. Wir haben noch ein wenig arbeit .

Hier schon einmal der Log von F-Secure:

Scanning Report
Saturday, September 27, 2008 21:36:01 - 01:19:32

Computer name: KRUMDIECK
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 11 malware found
RiskTool.Win32.Reboot (spyware)

* System

Rogue:W32/IeDefender.CT (spyware)

* System

TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Adtech (spyware)

* System

TrackingCookie.Advertising (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Doubleclick (spyware)

* System

TrackingCookie.Mediaplex (spyware)

* System

TrackingCookie.Statcounter (spyware)

* System

TrackingCookie.Tradedoubler (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

Statistics
Scanned:

* Files: 52943
* System: 3944
* Not scanned: 23

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 11
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\USERS\DIRK KRUMDIECK\APPDATA\LOCAL\TEMP\ETILQS_REOWEMZKFN463ZGAIHIK
* C:\USERS\DIRK KRUMDIECK\APPDATA\LOCAL\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{2879C0FB-AA8D-4BB2-BA30-A5371C6E6265}
* C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24B1949B4CD8FF5CC5E06B8961DDBF25_E1667C8A-7BEF-4856-96A4-80DCFF3DF4A7
* C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A652BC2F4BF5602FE6AC5B64F30F381E_E1667C8A-7BEF-4856-96A4-80DCFF3DF4A7
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24B1949B4CD8FF5CC5E06B8961DDBF25_E1667C8A-7BEF-4856-96A4-80DCFF3DF4A7
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A652BC2F4BF5602FE6AC5B64F30F381E_E1667C8A-7BEF-4856-96A4-80DCFF3DF4A7
* C:\BOOT\BCD

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-09-27
* F-Secure AVP: 7.0.171, 2008-09-26
* F-Secure Pegasus: 1.20.0, 2008-08-09

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics [br][br]Erstellt am: 28.09.08 um 12:15:30

---

[br]Hier der Log von ESET:

Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean - deleted)
C:\Users\Dirk Krumdieck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4733b815-31a7307a

Dr. Web läuft gerade...[br][br]Erstellt am: 28.09.08 um 12:17:44

---

[br]Ich habe ein kleines Problemchen bei dem ich HIlfe benötigen würde.
Um RSIT nochmals durchfürhen zu können, müsste ich über Start => ausführen => %userprofile%\desktop\rsit.exe /info gehen.
Bei mir unter Vista gibt es aber kein ausführen mehr im Start-Menü.

Weißt du wie ich dann vorgehen muss?

Danke!

genau so wie jumper schrieb .

hast du die funde von f-secure nicht löschen lassen?

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 11
* Submitted: 0

Zum Vergrößern anklicken....

bei F-Secure habe ich schon löschen ausgewählt. Komisch, dass er das nicht anzeigt.

Dr. Web läuft übrigens immer noch...
Stelle dann später... oder wann immer das Programm fertig ist... das Log ein.
[br][br]Erstellt am: 28.09.08 um 20:13:21

---

[br]So. Dr. Web ist fertig.
Hat 7 Funde:

Process.exe // C:\Documents and Settings\unser Name\Smitfraudfix // Tool.Prockill
restart.exe // C:\Documents and Settings\unser Name\Smitfraudfix // Tool.ShutDown.11
Process.exe // C:\Dokumente und Einstellungen\unser Name\Smitfraudfix // Tool.Prockill
restart.exe // C:\Dokumente und Einstellungen\unser Name\Smitfraudfix // Tool.ShutDown.11
Process.exe // C:\Users\Dirk Krumdieck\Smitfraudfix // Tool.Prockill
restart.exe // C:\Users\Dirk Krumdieck\Smitfraudfix // Tool.ShutDown.11
Process.exe // C:\Windows\system32 // Tool.Prockill

War Smitfraudfix nicht eines der Malwaresuchprogramme?

Was soll ich mit den Funden machen?
Löschen? Desinfizieren?
[br][br]Erstellt am: 28.09.08 um 21:21:06

---

[br]Hier nun auch RSIT info:

info.txt logfile of random's system information tool 1.02 2008-09-28 21:36:31

======Uninstall list======

-->C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup C:\Program Files\InstallShield Installation Information\{4269E12F-3405-48E9-83A5-A2BBAA23FDFA}\setup.exe -l0x7 -removeonly
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe -l0x7
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CanoScan 4400F-->C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803\DelDrv.exe /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803 /L0x0007
Designer 2.0-->C:\Program Files\fotobuch.de AG\Designer 2.0\unins000.exe
ESET Online Scanner-->C:\Windows\system32\OnlineScannerUninstaller.exe
HijackThis 2.0.2-->C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Presto! PageManager 7.15.13-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup C:\Program Files\InstallShield Installation Information\{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}\PMSetup.exe -l0x7 anything -removeonly
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
sreensaver ScreenSaver-->C:\Windows\sreensaver.scr /U

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Avira AntiVir PersonalEdition (outdated)
AS: Windows-Defender

======Environment variables======

ComSpec=%SystemRoot%\system32\cmd.exe
FP_NO_HOST_CHECK=NO
OS=Windows_NT
Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Haufe\iDesk\iDeskService\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
TEMP=%SystemRoot%\TEMP
TMP=%SystemRoot%\TEMP
USERNAME=SYSTEM
windir=%SystemRoot%
PROCESSOR_LEVEL=6
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_REVISION=0f0a
NUMBER_OF_PROCESSORS=2

-----------------EOF-----------------
[br][br]Erstellt am: 28.09.08 um 21:40:42

---

[br]RSIT log Teil 1

Logfile of random's system information tool 1.02 (written by random/random)
Run by Name Name at 2008-09-28 21:36:22
Microsoft® Windows Vista™ Home Premium
System drive C: has 39 GB (25%) free of 152 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:27, on 28.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Name Name\Desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\Name Name.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo644] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup
O4 - HKCU\..\Run: [Device Detection] C:\Program Files\LIDL Fotoservice\dd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User->NETZWERKDIENST')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: fVJpOIn - {B2E76F62-184D-C5C8-C624-2264A309BA83} - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSCLBaseUpdaterService - Unknown owner - c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 7900 bytes
[br][br]Erstellt am: 28.09.08 um 21:42:06

---

[br]RSIT log Teil 2

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-17 2427968]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
Windows Defender=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-07 1006264]
StartCCC=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
RtHDVCpl=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
SMSERIAL=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-05-04 174872]
IaNvSrv=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2007-05-04 33048]
Adobe Reader Speed Launcher=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
NeroFilterCheck=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
recinfo644=c:\RecInfo\RecInfo.exe [2007-10-23 2764800]
WinampAgent=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
SunJavaUpdateSched=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
LexwareInfoService=C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2007-09-25 532776]
Windows Mobile-based device management=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
avgnt=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
SSBkgdUpdate=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
OpwareSE4=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
ehTray.exe=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
swg=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-01-17 171448]
Speech Recognition=C:\Windows\Speech\Common\sapisvr.exe [2006-11-02 49664]
Device Detection=C:\Program Files\LIDL Fotoservice\dd.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Acrobat 6.0\Distillr\acrotray.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
fVJpOIn - {B2E76F62-184D-C5C8-C624-2264A309BA83}

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
NoDispScrSavPage=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
EnableLUA=0
dontdisplaylastusername=0
legalnoticecaption=
legalnoticetext=
shutdownwithoutlogon=1
undockwithoutlogon=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe=C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*esigner.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-09-28 08:04:33 ----D---- C:\Program Files\EsetOnlineScanner
2008-09-27 21:29:03 ----D---- C:\fsaua.data
2008-09-27 20:51:35 ----A---- C:\rapport-1.txt
2008-09-27 20:49:44 ----A---- C:\Windows\system32\tmp.txt
2008-09-27 20:49:41 ----A---- C:\rapport.txt
2008-09-27 20:49:12 ----A---- C:\Windows\system32\o4Patch.exe
2008-09-27 20:49:12 ----A---- C:\Windows\system32\IEDFix.C.exe
2008-09-27 20:49:12 ----A---- C:\Windows\system32\AntiXPVSTFix.exe
2008-09-27 20:49:12 ----A---- C:\Windows\system32\404Fix.exe
2008-09-27 20:49:11 ----A---- C:\Windows\system32\WS2Fix.exe
2008-09-27 20:49:11 ----A---- C:\Windows\system32\VCCLSID.exe
2008-09-27 20:49:11 ----A---- C:\Windows\system32\VACFix.exe
2008-09-27 20:49:11 ----A---- C:\Windows\system32\swxcacls.exe
2008-09-27 20:49:11 ----A---- C:\Windows\system32\swsc.exe
2008-09-27 20:49:11 ----A---- C:\Windows\system32\swreg.exe
2008-09-27 20:49:11 ----A---- C:\Windows\system32\SrchSTS.exe
2008-09-27 20:49:11 ----A---- C:\Windows\system32\dumphive.exe
2008-09-27 18:11:25 ----D---- C:\rsit
2008-09-27 16:52:14 ----A---- C:\Windows\dirsaver.ini
2008-09-27 14:39:53 ----D---- C:\Users\Name Name\AppData\Roaming\Malwarebytes
2008-09-27 14:39:48 ----D---- C:\ProgramData\Malwarebytes
2008-09-27 14:39:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 14:19:15 ----D---- C:\Program Files\Trend Micro
2008-09-27 14:10:43 ----A---- C:\Windows\system32\javaws.exe
2008-09-27 14:10:43 ----A---- C:\Windows\system32\javaw.exe
2008-09-27 14:10:43 ----A---- C:\Windows\system32\java.exe
2008-09-27 13:43:48 ----A---- C:\Windows\ntbtlog.txt
2008-09-27 12:59:20 ----A---- C:\Windows\sreensaver.exe
2008-09-27 12:59:20 ----A---- C:\Windows\gscr.dll
2008-09-20 18:07:49 ----D---- C:\Users\Name Name\AppData\Roaming\Skype
2008-09-20 18:07:21 ----D---- C:\Program Files\Common Files\Skype
2008-09-20 17:52:05 ----D---- C:\Users\Name Name\AppData\Roaming\skypePM
2008-09-20 17:48:11 ----D---- C:\Program Files\Skype
2008-09-20 17:46:59 ----D---- C:\ProgramData\Skype
2008-09-10 06:39:24 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-07 19:56:59 ----D---- C:\Users\Name Name\AppData\Roaming\fotoclicks Publisher Komplett
2008-09-06 19:51:18 ----A---- C:\mandant.ini
2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippsa611.dll
2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippja611.dll
2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippia611.dll
2008-09-06 19:21:26 ----A---- C:\Windows\system32\ippcva611.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippsra611.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippsr11.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ipps11.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippj11.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippi11.dll
2008-09-06 19:21:25 ----A---- C:\Windows\system32\ippcv11.dll
2008-09-06 19:21:24 ----A---- C:\Windows\system32\IPPCPUID.DLL
2008-09-06 19:21:19 ----A---- C:\Windows\IsUninst.exe
2008-09-06 19:21:11 ----A---- C:\Windows\system32\unidrv.dll
2008-09-06 19:21:11 ----A---- C:\Windows\system32\PMDrvStr.ini
2008-09-06 19:21:11 ----A---- C:\Windows\system32\NSPdf32.dll
2008-09-06 19:21:10 ----A---- C:\Windows\system32\NSPDF16.DLL
2008-09-06 19:21:10 ----A---- C:\Windows\system32\ijl15.dll
2008-09-06 19:21:10 ----A---- C:\Windows\system32\ICONLIB.DLL
2008-09-06 19:21:03 ----A---- C:\Windows\system32\pmsbfn32.dll
2008-09-06 19:20:01 ----D---- C:\Program Files\Common Files\PDFView
2008-09-06 19:19:58 ----D---- C:\Windows\system32\color
2008-09-06 19:19:58 ----D---- C:\Program Files\NewSoft
2008-09-06 19:18:59 ----A---- C:\Windows\MAXLINK.INI
2008-09-06 19:18:56 ----D---- C:\ProgramData\InstallShield
2008-09-06 19:18:55 ----D---- C:\Users\Name Name\AppData\Roaming\ScanSoft
2008-09-06 19:18:43 ----D---- C:\ProgramData\ScanSoft
2008-09-06 19:18:43 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-09-06 19:18:00 ----D---- C:\Program Files\ScanSoft
2008-09-06 19:17:16 ----D---- C:\Users\Name Name\AppData\Roaming\ArcSoft
2008-09-06 19:16:38 ----D---- C:\Program Files\Common Files\CANON
2008-09-06 19:14:12 ----D---- C:\Program Files\ArcSoft
2008-09-06 19:14:12 ----A---- C:\Windows\PCDLIB32.DLL
2008-09-06 19:08:46 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2008-09-06 19:08:36 ----HD---- C:\Program Files\CanonBJ
2008-08-30 16:43:53 ----D---- C:\Users\Name Name\AppData\Roaming\fotobuch.de AG
2008-08-30 16:43:53 ----D---- C:\ProgramData\fotobuch.de AG
2008-08-30 16:41:10 ----D---- C:\Windows\system32\artworks
2008-08-30 16:41:10 ----D---- C:\Program Files\fotobuch.de AG
2008-08-30 12:09:29 ----D---- C:\Program Files\LIDL Fotoservice

======List of files/folders modified in the last 1 months======

2008-09-28 21:36:27 ----D---- C:\Windows\Temp
2008-09-28 21:34:22 ----D---- C:\Windows\System32
2008-09-28 12:05:15 ----D---- C:\Program Files\Mozilla Firefox
2008-09-28 08:04:33 ----RD---- C:\Program Files
2008-09-28 08:04:30 ----SD---- C:\Windows\Downloaded Program Files
2008-09-28 01:35:30 ----RSD---- C:\Windows\assembly
2008-09-28 01:33:33 ----D---- C:\Windows\Minidump
2008-09-28 01:33:25 ----D---- C:\Windows
2008-09-27 18:06:48 ----D---- C:\Windows\system32\drivers
2008-09-27 14:39:48 ----D---- C:\ProgramData
2008-09-27 14:17:47 ----SHD---- C:\System Volume Information
2008-09-27 14:11:02 ----SHD---- C:\Windows\Installer
2008-09-27 14:10:43 ----D---- C:\Program Files\Java
2008-09-27 12:59:22 ----D---- C:\Windows\Prefetch
2008-09-27 08:32:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-27 08:32:21 ----D---- C:\Windows\inf
2008-09-26 18:42:13 ----A---- C:\Windows\winamp.ini
2008-09-24 07:34:43 ----A---- C:\Windows\NeroDigital.ini
2008-09-20 18:16:30 ----D---- C:\Windows\system32\WDI
2008-09-20 18:07:21 ----D---- C:\Program Files\Common Files
2008-09-20 18:06:46 ----D---- C:\Windows\system32\Tasks
2008-09-19 06:37:27 ----D---- C:\Windows\system32\catroot2
2008-09-11 03:01:16 ----D---- C:\Windows\winsxs
2008-09-10 06:38:39 ----D---- C:\Windows\system32\catroot
2008-09-06 19:20:51 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-06 19:18:43 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-06 19:15:40 ----D---- C:\Program Files\Canon
2008-08-31 07:25:40 ----D---- C:\Windows\rescache
2008-08-31 07:08:58 ----D---- C:\Windows\system32\de-DE
2008-08-30 17:34:15 ----D---- C:\Program Files\Panda Security
2008-08-30 16:43:26 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 2589696]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-07 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-02-16 70144]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-07 11264]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-24 149761]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-04-11 593920]
R2 FSCLBaseUpdaterService;FSCLBaseUpdaterService; c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-05-04 355096]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-17 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

funde löschen lassen, ausser smitfraudfix.

wie läuft der rechner??

der Rechner läuft aktuell ohne merkbare Probleme.
Bluescreen und fehlende Anzeigefunktionen sind kein Thema mehr.

Sehen die Logs noch nach Problemen aus?[br][br]Erstellt am: 28.09.08 um 21:48:30

---

[br]eine Fehlermeldung habe ich noch auf dem PC immer wenn ich ihn hochfahre:

ATI
Die Datei oder Assembly MOM.Implementation, Version=2.0.2657.37014,Culture=neutral, PublicKeyToken=90ba9c70f846762e oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegeben Datei nicht finden.

Diese Fehlermeldung bekomme ich aber schon seit ein paar Wochen.

Hängt das irgendwie zusammen.

Schönen Dank schonmal - auch für die bisher geleistete Unterstützung!

balou schrieb:

der Rechner läuft aktuell ohne merkbare Probleme.
Bluescreen und fehlende Anzeigefunktionen sind kein Thema mehr.

Sehen die Logs noch nach Problemen aus?

Zum Vergrößern anklicken....

Nee