Hallo schrauber,
erstmal danke für Deine Hilfe !
ich habe die Log´s erstellt:
---------------------------------------------------------------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by ***** at 2008-09-30 18:24:07
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 39 GB (78%) free of 50 GB
Total RAM: 1535 MB (58% free)
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:29, on 30.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Internet\Desktop\RSIT.exe
C:\Programme\trend micro\*****.exe
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [AVKTray] C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-21-776561741-790525478-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User->*****')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 5199 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G DATA WebFilter - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll [2006-09-05 237568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll [2006-09-05 237568]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched=C:\Programme\Java\jre1.5.0\bin\jusched.exe [2007-07-24 36972]
SoundMan=C:\WINDOWS\SOUNDMAN.EXE [2005-01-10 77824]
ATIPTA=C:\ATI-CPanel\atiptaxx.exe [2004-11-24 344064]
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
Easy-PrintToolBox=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
AOLDialer=C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe [2007-06-21 70952]
QuickTime Task=C:\Programme\QuickTime\qttask.exe [2007-07-24 98304]
AVKTray=C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe [2006-09-07 868352]
KernelFaultCheck=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
AOL 9.0 Tray-Symbol.lnk - C:\Programme\AOL 9.0\aoltray.exe
G DATA Firewall Tray.lnk - C:\Programme\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-11-25 94208]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername=1
legalnoticecaption=
legalnoticetext=
shutdownwithoutlogon=1
undockwithoutlogon=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled
xpsp2res.dll,-22019
G:\FSETUP.EXE=G:\FSETUP.EXE:*:Enabled:FSetup Application
C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe=C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe=C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Programme\AOL 9.0\waol.exe=C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
C:\Programme\Gemeinsame Dateien\aol\1222250105\ee\aolsoftware.exe=C:\Programme\Gemeinsame Dateien\aol\1222250105\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled
xpsp2res.dll,-22019
C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe=C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe=C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Programme\AOL 9.0\waol.exe=C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
======List of files/folders created in the last 1 months======
2008-09-30 18:24:08 ----D---- C:\Programme\trend micro
2008-09-30 18:24:07 ----D---- C:\rsit
2008-09-24 11:51:43 ----D---- C:\Programme\AOL
======List of files/folders modified in the last 1 months======
2008-09-30 18:24:25 ----D---- C:\WINDOWS\Temp
2008-09-30 18:24:08 ----RD---- C:\Programme
2008-09-29 20:34:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-28 00:15:47 ----D---- C:\Programme\Gemeinsame Dateien\aol
2008-09-27 11:41:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-24 11:59:33 ----D---- C:\WINDOWS
2008-09-24 11:56:41 ----D---- C:\WINDOWS\system32\drivers
2008-09-24 11:56:21 ----HD---- C:\WINDOWS\inf
2008-09-24 11:56:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-24 11:55:31 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AOL
2008-09-24 11:50:53 ----D---- C:\Programme\AOL 9.0
2008-09-24 11:49:14 ----A---- C:\WINDOWS\win.ini
2008-09-24 11:49:13 ----D---- C:\WINDOWS\Prefetch
2008-09-03 21:31:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-03 21:30:41 ----D---- C:\WINDOWS\system32
2008-09-03 19:49:28 ----D---- C:\WINDOWS\Help
2008-09-01 20:03:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZoomBrowser
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-04-30 35840]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-01-10 2304320]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-11-25 872960]
R3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2004-09-16 186368]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-09-16 13824]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-24 12928]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-09-16 57856]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2004-08-04 95360]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AOL ACS;AOL Connectivity Service; C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-11-25 425984]
R2 AVKProxy;AVKProxy; C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [2006-08-23 577536]
R2 AVKService;AVK Service; C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe [2006-09-04 397312]
R2 AVKWCtl;AVK Wächter; C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe [2006-09-11 1200128]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 GDFwSvc;G DATA Personal Firewall; C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe [2006-09-14 987136]
S3 aspnet_state;ASP.NET-Statusdienst; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2005-02-24 73728]
-----------------EOF-----------------