Do I have a trojan (Webprefix32)??

This thread, "Do I have a trojan (Webprefix32)??", in the forum "Viruses, Trojans, Spyware etc." was created by ndy66 on 19 June 2009.

  1. Hello dear team, I'm desperate and urgently need your help. I'm posting my log file below; it would be nice if you could take a look at it, thanks.
    I already tried to solve my problem with Spybot-S&D, but it keeps hanging :|. Security Totalcare was likewise unsuccessful.
    Kind regards

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:45:41, on 19.06.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
    C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
    C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe
    C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFirewallTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F3 - REG:win.ini: run= 
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\programme\g data internetsecurity totalcare\avkkid\avkcks.exe
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O4 - HKLM\..\Run: [AVKTray] C:\Programme\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [NVMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Macromedia\Common\bdf9201019.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
    O4 - Global Startup: G DATA Firewall Tray.lnk = ?
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
    O9 - Extra button: FreshDownload - {3EE85F6E-4002-4F3F-9F89-C63DFFBE019D} - C:\Programme\FreshDevices\FreshDownload\fd.exe
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
    O9 - Extra->Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236603733718
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236603718671
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - 
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10_de.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6AB3DD82-A318-4EAE-A488-44912D6FC695}: NameServer = 192.168.178.1
    O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - (no file)
    O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
    O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
    O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)
    
    --
    End of file - 6312 bytes
    Log placed in code tags:
    http://www.wintotal-forum.de/index.php/topic,147847.msg768747.html#msg768747
     
  2. You still have remnants of the Veoh Toolbar on there (browser plug-in)
    {D0943516-5076-4020-A3B5-AEFAF26AB263}

    and a trojan (Trojan.Zlob/VirusHeat)
    {b0fdc513-46b9-46fc-8e70-d575ee546dae}

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    {b0fdc513-46b9-46fc-8e70-d575ee546dae} = frowardness

    http://www.exterminate-it.com/malpedia/remove-zlob-fake-security-alerts
    http://www.bleepingcomputer.com/forums/lofiversion/index.php/t130080.html

    pan_fee
     
  3. Hello schrauber, thanks for your time and help. Here is scan report no. 1 for now; the others will follow shortly. Regards, ndy66

    Code:
    SmitFraudFix v2.422
    
    Scan done at 15:04:39,75, 20.06.2009
    Run from C:\Programme\Free Download Manager\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    
    »»»»»»»»»»»»»»»»»»»»»»»» Process
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» hosts
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Hustler
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Hustler\LOKALE~1\Temp
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Hustler\Application Data
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» 
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Desktop
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme 
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
     
     
    
    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!
    
    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!
    
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, following keys are not inevitably infected!!!
    
    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!
    
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!
    
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!
    
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs=
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Userinit=C:\\WINDOWS\\SYSTEM32\\Userinit.exe,
    
    »»»»»»»»»»»»»»»»»»»»»»»» RK
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    System=
    
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» End
    Log placed in code tags:
    http://www.wintotal-forum.de/index.php/topic,147847.msg768747.html#msg768747
     
  4. So, here is scan report no. 2

    Code:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Hustler at 2009-06-20 15:24:44
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 22 GB (69%) free of 32 GB
    Total RAM: 511 MB (21% free)
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:25:20, on 20.06.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
    C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
    C:\Downloads\Software\RSIT.exe
    C:\Programme\Trend Micro\HijackThis\Hustler.exe
    
    O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Macromedia\Common\bdf9201019.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
    O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
    O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)
    
    --
    End of file - 2023 bytes
    
    ======Scheduled tasks folder======
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\ParetoLogic Registration.job
    C:\WINDOWS\tasks\PerfectOptimzier_OneClick.job
    
    ======Registry dump======
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    rundll32.exe= []
    WAB=C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Macromedia\Common\bdf9201019.exe [2009-06-20 4096]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    Mixer.exe /startup []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Programme\QuickTime\qttask.exe [2009-01-05 413696]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    C:\Programme\Veoh Networks\Veoh\VeohClient.exe /VeohHide []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-02-28 240128]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    notification packages=
    :\WINDOW
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername=0
    legalnoticecaption=
    legalnoticetext=
    undockwithoutlogon=1
    ShutdownWithoutLogon=1
    NoDispCPL=0
    NoDispSettingsPage=0
    NoDispScrSavPage=0
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun=145
    HideClock=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoResolveTrack=
    NoViewContextMenu=
    NoFileAssociate=
    NoFind=
    NoRun=
    NoClose=
    StartMenuLogoff=
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Programme\LimeWire\LimeWire.exe=C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    C:\Programme\FrostWire\FrostWire.exe=C:\Programme\FrostWire\FrostWire.exe:*:Enabled:LimeWire
    C:\Programme\Windows Live\Messenger\msnmsgr.exe=C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Programme\Windows Live\Messenger\livecall.exe=C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
    C:\Programme\IncrediMail\bin\ImApp.exe=C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
    C:\Programme\IncrediMail\bin\IncMail.exe=C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
    C:\Programme\IncrediMail\bin\ImpCnt.exe=C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
    C:\Programme\Bonjour\mDNSResponder.exe=C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe=C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
    C:\Programme\ZSoft\Uninstaller\uninst.exe=C:\Programme\ZSoft\Uninstaller\uninst.exe:*:Enabled:Uninstall
    C:\Programme\Messenger\msmsgs.exe=C:\Programme\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Programme\Windows Live\Messenger\msnmsgr.exe=C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Programme\Windows Live\Messenger\livecall.exe=C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daaff1fa-fe3f-11d5-be0b-ee85d37e1aed}]
    shell\AutoRun\command - F:\LaunchU3.exe
    
    
    ======File associations======
    
    .js - open - NOTEPAD.EXE %1
    .reg - open - NOTEPAD.EXE %1
    .scr - open - NOTEPAD.EXE %1
    .vbs - open - NOTEPAD.EXE %1
    
    ======List of files/folders created in the last 1 months======
    
    2009-06-20 15:24:44 ----D---- C:\rsit
    2009-06-20 15:05:07 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-06-20 15:04:39 ----A---- C:\rapport.txt
    2009-06-20 15:02:39 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
    2009-06-20 15:02:38 ----A---- C:\WINDOWS\system32\o4Patch.exe
    2009-06-20 15:02:38 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
    2009-06-20 15:02:38 ----A---- C:\WINDOWS\system32\404Fix.exe
    2009-06-20 15:02:37 ----A---- C:\WINDOWS\system32\VACFix.exe
    2009-06-20 15:02:37 ----A---- C:\WINDOWS\system32\IEDFix.exe
    2009-06-20 15:02:36 ----A---- C:\WINDOWS\system32\WS2Fix.exe
    2009-06-20 15:02:36 ----A---- C:\WINDOWS\system32\VCCLSID.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\swxcacls.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\swsc.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\swreg.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\SrchSTS.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\Process.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\dumphive.exe
    2009-06-19 20:03:07 ----D---- C:\Programme\Trend Micro
    2009-06-18 10:03:14 ----A---- C:\WINDOWS\system32\oeminfo.ini
    2009-06-18 08:58:56 ----D---- C:\Programme\Ashampoo
    2009-06-08 23:53:31 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\skypePM
    2009-06-08 23:45:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
    2009-06-08 21:36:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
    2009-06-08 21:35:16 ----D---- C:\Programme\Electronic Arts
    2009-06-08 10:55:13 ----A---- C:\WINDOWS\rasqervy.dll
    2009-06-08 10:55:06 ----A---- C:\WINDOWS\sdfinacs.dll
    2009-06-08 10:54:28 ----A---- C:\WINDOWS\sdfixwcs.dll
    2009-06-07 11:28:48 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\phonostar-Player
    2009-06-06 19:20:15 ----A---- C:\WINDOWS\wuasirvy.dll
    2009-05-27 08:08:57 ----D---- C:\Programme\QuickTime
    2009-05-27 08:06:19 ----D---- C:\Programme\Apple Software Update
    
    ======List of files/folders modified in the last 1 months======
    
    2009-06-20 15:25:20 ----D---- C:\WINDOWS\Temp
    2009-06-20 15:24:39 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Free Download Manager
    2009-06-20 15:24:09 ----D---- C:\WINDOWS\Prefetch
    2009-06-20 15:05:09 ----D---- C:\WINDOWS\system32
    2009-06-20 15:02:17 ----D---- C:\Programme\Free Download Manager
    2009-06-20 14:48:03 ----D---- C:\Programme\Spybot - Search & Destroy
    2009-06-20 14:38:02 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-06-20 10:17:51 ----D---- C:\Downloads
    2009-06-20 07:00:48 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-06-20 05:33:19 ----D---- C:\WINDOWS
    2009-06-20 04:56:19 ----A---- C:\WINDOWS\wininit.ini
    2009-06-20 00:24:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-06-20 00:24:25 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-06-19 20:03:07 ----D---- C:\Programme
    2009-06-19 17:31:03 ----SHD---- C:\WINDOWS\Installer
    2009-06-19 17:30:59 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
    2009-06-19 17:30:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
    2009-06-19 08:30:12 ----D---- C:\Programme\Mozilla Firefox
    2009-06-19 07:55:45 ----HD---- C:\WINDOWS\inf
    2009-06-19 07:55:45 ----D---- C:\WINDOWS\system32\Adobe
    2009-06-19 07:55:45 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Adobe
    2009-06-19 07:54:19 ----D---- C:\WINDOWS\WinSxS
    2009-06-18 09:51:17 ----D---- C:\Programme\MJ Xstream
    2009-06-18 09:15:29 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\LimeWire
    2009-06-17 23:33:35 ----SD---- C:\WINDOWS\Tasks
    2009-06-16 14:09:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
    2009-06-16 06:57:48 ----HD---- C:\Programme\InstallShield Installation Information
    2009-06-16 06:55:09 ----D---- C:\WINDOWS\Downloaded Installations
    2009-06-16 05:42:37 ----A---- C:\WINDOWS\system32\framedyn.dll
    2009-06-09 00:27:45 ----D---- C:\WINDOWS\system32\LogFiles
    2009-06-09 00:13:56 ----D---- C:\Programme\Gemeinsame Dateien
    2009-06-06 19:33:52 ----D---- C:\WINDOWS\Desktop
    2009-06-06 16:37:46 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Macromedia
    2009-05-27 08:08:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-02-28 41472]
    R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
    R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-02-28 14848]
    R1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-05-30 25344]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2002-01-02 278984]
    R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2002-01-02 25416]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2006-02-28 88448]
    R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-02-28 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-02-28 55936]
    R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
    R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
    R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
    R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-02-28 9600]
    R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
    R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12288]
    R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
    R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
    R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2004-01-29 93764]
    R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 215040]
    R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-02-28 31616]
    R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
    R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
    R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]
    S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
    S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
    S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
    S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys []
    S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
    S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AVKService;AVK Service; C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe [2007-04-02 407376]
    R2 AVKWCtl;AVK Wächter; C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe [2007-04-02 1103696]
    R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-18 152984]
    R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R3 GDFwSvc;G DATA Personal Firewall; C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe [2007-02-28 976720]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe []
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
    S4 AVKProxy;AVKProxy; C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [2007-03-30 636752]
    
    -----------------EOF-----------------
    Log placed in code tags.
    How do I insert a code tag in the forum?
    http://www.wintotal-forum.de/index.php/topic,147847.msg768747.html#msg768747
     
  5. Please put the log files in code tags; how to do it is explained in my link above. Edit all your posts and insert the code tags.

    Also post c:\rsit\info.txt, that one is still missing.

    Do you do any online financial transactions?
     
  6. Hi schrauber, I hope I did the code tags correctly. As for the online transactions (help, no), I don't do any. Why? Are they doing something to me??
    Code:
     HijackThis v2.0.2
    Scan saved at 21:45:41, on 19.06.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
    C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
    C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe
    C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFirewallTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F3 - REG:win.ini: run= 
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\programme\g data internetsecurity totalcare\avkkid\avkcks.exe
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O4 - HKLM\..\Run: [AVKTray] C:\Programme\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [NVMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Macromedia\Common\bdf9201019.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
    O4 - Global Startup: G DATA Firewall Tray.lnk = ?
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
    O9 - Extra button: FreshDownload - {3EE85F6E-4002-4F3F-9F89-C63DFFBE019D} - C:\Programme\FreshDevices\FreshDownload\fd.exe
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
    O9 - Extra->Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236603733718
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236603718671
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - 
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10_de.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6AB3DD82-A318-4EAE-A488-44912D6FC695}: NameServer = 192.168.178.1
    O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - (no file)
    O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
    O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
    O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)
    
    --
    End of file - 6312 bytes
     
  7. Code:
    Hello schrauber, thanks for your time and help. Here is scan report no. 1 for now; the others will follow shortly. Regards, ndy66
    SmitFraudFix v2.422
    
    Scan done at 15:04:39,75, 20.06.2009
    Run from C:\Programme\Free Download Manager\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    
    »»»»»»»»»»»»»»»»»»»»»»»» Process
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» hosts
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Hustler
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Hustler\LOKALE~1\Temp
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Hustler\Application Data
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» 
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Desktop
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme 
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
     
     
    
    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!
    
    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!
    
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, following keys are not inevitably infected!!!
    
    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!
    
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!
    
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!
    
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs=
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Userinit=C:\\WINDOWS\\SYSTEM32\\Userinit.exe,
    
    »»»»»»»»»»»»»»»»»»»»»»»» RK
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    System=
    
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» End
    
    
     
  8. Code:
    --------------------------------------------------------------------------------
    So, here is scan report no. 2
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Hustler at 2009-06-20 15:24:44
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 22 GB (69%) free of 32 GB
    Total RAM: 511 MB (21% free)
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:25:20, on 20.06.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
    C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
    C:\Downloads\Software\RSIT.exe
    C:\Programme\Trend Micro\HijackThis\Hustler.exe
    
    O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Macromedia\Common\bdf9201019.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
    O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
    O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)
    
    --
    End of file - 2023 bytes
    
    ======Scheduled tasks folder======
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\ParetoLogic Registration.job
    C:\WINDOWS\tasks\PerfectOptimzier_OneClick.job
    
    ======Registry dump======
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    rundll32.exe= []
    WAB=C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Macromedia\Common\bdf9201019.exe [2009-06-20 4096]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    Mixer.exe /startup []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Programme\QuickTime\qttask.exe [2009-01-05 413696]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    C:\Programme\Veoh Networks\Veoh\VeohClient.exe /VeohHide []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-02-28 240128]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    notification packages=
    :\WINDOW
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername=0
    legalnoticecaption=
    legalnoticetext=
    undockwithoutlogon=1
    ShutdownWithoutLogon=1
    NoDispCPL=0
    NoDispSettingsPage=0
    NoDispScrSavPage=0
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun=145
    HideClock=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoResolveTrack=
    NoViewContextMenu=
    NoFileAssociate=
    NoFind=
    NoRun=
    NoClose=
    StartMenuLogoff=
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Programme\LimeWire\LimeWire.exe=C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    C:\Programme\FrostWire\FrostWire.exe=C:\Programme\FrostWire\FrostWire.exe:*:Enabled:LimeWire
    C:\Programme\Windows Live\Messenger\msnmsgr.exe=C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Programme\Windows Live\Messenger\livecall.exe=C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
    C:\Programme\IncrediMail\bin\ImApp.exe=C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
    C:\Programme\IncrediMail\bin\IncMail.exe=C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
    C:\Programme\IncrediMail\bin\ImpCnt.exe=C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
    C:\Programme\Bonjour\mDNSResponder.exe=C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe=C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
    C:\Programme\ZSoft\Uninstaller\uninst.exe=C:\Programme\ZSoft\Uninstaller\uninst.exe:*:Enabled:Uninstall
    C:\Programme\Messenger\msmsgs.exe=C:\Programme\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Programme\Windows Live\Messenger\msnmsgr.exe=C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Programme\Windows Live\Messenger\livecall.exe=C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daaff1fa-fe3f-11d5-be0b-ee85d37e1aed}]
    shell\AutoRun\command - F:\LaunchU3.exe
    
    
    ======File associations======
    
    .js - open - NOTEPAD.EXE %1
    .reg - open - NOTEPAD.EXE %1
    .scr - open - NOTEPAD.EXE %1
    .vbs - open - NOTEPAD.EXE %1
    
    ======List of files/folders created in the last 1 months======
    
    2009-06-20 15:24:44 ----D---- C:\rsit
    2009-06-20 15:05:07 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-06-20 15:04:39 ----A---- C:\rapport.txt
    2009-06-20 15:02:39 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
    2009-06-20 15:02:38 ----A---- C:\WINDOWS\system32\o4Patch.exe
    2009-06-20 15:02:38 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
    2009-06-20 15:02:38 ----A---- C:\WINDOWS\system32\404Fix.exe
    2009-06-20 15:02:37 ----A---- C:\WINDOWS\system32\VACFix.exe
    2009-06-20 15:02:37 ----A---- C:\WINDOWS\system32\IEDFix.exe
    2009-06-20 15:02:36 ----A---- C:\WINDOWS\system32\WS2Fix.exe
    2009-06-20 15:02:36 ----A---- C:\WINDOWS\system32\VCCLSID.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\swxcacls.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\swsc.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\swreg.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\SrchSTS.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\Process.exe
    2009-06-20 15:02:35 ----A---- C:\WINDOWS\system32\dumphive.exe
    2009-06-19 20:03:07 ----D---- C:\Programme\Trend Micro
    2009-06-18 10:03:14 ----A---- C:\WINDOWS\system32\oeminfo.ini
    2009-06-18 08:58:56 ----D---- C:\Programme\Ashampoo
    2009-06-08 23:53:31 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\skypePM
    2009-06-08 23:45:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
    2009-06-08 21:36:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
    2009-06-08 21:35:16 ----D---- C:\Programme\Electronic Arts
    2009-06-08 10:55:13 ----A---- C:\WINDOWS\rasqervy.dll
    2009-06-08 10:55:06 ----A---- C:\WINDOWS\sdfinacs.dll
    2009-06-08 10:54:28 ----A---- C:\WINDOWS\sdfixwcs.dll
    2009-06-07 11:28:48 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\phonostar-Player
    2009-06-06 19:20:15 ----A---- C:\WINDOWS\wuasirvy.dll
    2009-05-27 08:08:57 ----D---- C:\Programme\QuickTime
    2009-05-27 08:06:19 ----D---- C:\Programme\Apple Software Update
    
    ======List of files/folders modified in the last 1 months======
    
    2009-06-20 15:25:20 ----D---- C:\WINDOWS\Temp
    2009-06-20 15:24:39 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Free Download Manager
    2009-06-20 15:24:09 ----D---- C:\WINDOWS\Prefetch
    2009-06-20 15:05:09 ----D---- C:\WINDOWS\system32
    2009-06-20 15:02:17 ----D---- C:\Programme\Free Download Manager
    2009-06-20 14:48:03 ----D---- C:\Programme\Spybot - Search & Destroy
    2009-06-20 14:38:02 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-06-20 10:17:51 ----D---- C:\Downloads
    2009-06-20 07:00:48 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-06-20 05:33:19 ----D---- C:\WINDOWS
    2009-06-20 04:56:19 ----A---- C:\WINDOWS\wininit.ini
    2009-06-20 00:24:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-06-20 00:24:25 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-06-19 20:03:07 ----D---- C:\Programme
    2009-06-19 17:31:03 ----SHD---- C:\WINDOWS\Installer
    2009-06-19 17:30:59 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
    2009-06-19 17:30:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
    2009-06-19 08:30:12 ----D---- C:\Programme\Mozilla Firefox
    2009-06-19 07:55:45 ----HD---- C:\WINDOWS\inf
    2009-06-19 07:55:45 ----D---- C:\WINDOWS\system32\Adobe
    2009-06-19 07:55:45 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Adobe
    2009-06-19 07:54:19 ----D---- C:\WINDOWS\WinSxS
    2009-06-18 09:51:17 ----D---- C:\Programme\MJ Xstream
    2009-06-18 09:15:29 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\LimeWire
    2009-06-17 23:33:35 ----SD---- C:\WINDOWS\Tasks
    2009-06-16 14:09:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
    2009-06-16 06:57:48 ----HD---- C:\Programme\InstallShield Installation Information
    2009-06-16 06:55:09 ----D---- C:\WINDOWS\Downloaded Installations
    2009-06-16 05:42:37 ----A---- C:\WINDOWS\system32\framedyn.dll
    2009-06-09 00:27:45 ----D---- C:\WINDOWS\system32\LogFiles
    2009-06-09 00:13:56 ----D---- C:\Programme\Gemeinsame Dateien
    2009-06-06 19:33:52 ----D---- C:\WINDOWS\Desktop
    2009-06-06 16:37:46 ----D---- C:\Dokumente und Einstellungen\Hustler\Anwendungsdaten\Macromedia
    2009-05-27 08:08:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-02-28 41472]
    R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
    R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-02-28 14848]
    R1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-05-30 25344]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2002-01-02 278984]
    R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2002-01-02 25416]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2006-02-28 88448]
    R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-02-28 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-02-28 55936]
    R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
    R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
    R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
    R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-02-28 9600]
    R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
    R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12288]
    R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
    R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
    R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2004-01-29 93764]
    R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 215040]
    R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-02-28 31616]
    R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
    R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
    R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]
    S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
    S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
    S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
    S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys []
    S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
    S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AVKService;AVK Service; C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKService.exe [2007-04-02 407376]
    R2 AVKWCtl;AVK Wächter; C:\Programme\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe [2007-04-02 1103696]
    R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-18 152984]
    R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R3 GDFwSvc;G DATA Personal Firewall; C:\Programme\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe [2007-02-28 976720]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe []
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
    S4 AVKProxy;AVKProxy; C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [2007-03-30 636752]
    
    -----------------EOF-----------------
     
  9. I'm only asking because you have a backdoor that steals banking data on your computer ;)


    So the fact is: get to another PC and change all passwords and logins. But if you don't do any money-related things online, as far as I'm concerned we can clean instead of formatting.

    Your choice :)
     