Trojaner-Board


Air 18.05.2008 10:37

Infected by malware?
 
I found a few old JPGs that no longer work, so I downloaded one of those JPG reconstruction tools.
Once again I was too hasty and clicked on the somewhat strange exe file...
Above all, nothing happened afterwards.
So I assume something was wrong with it.
I then got the working program from the vendor's website.
So I suspect that I now have something on my machine.
Online scans didn't turn up anything, though.

(I hope I redacted everything)
Code:

Runscanner logfile h**p://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name :**
Creation time : 18.05.2008 11:10:32
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2900.2180
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.3.0
User Language : Deutsch (Deutschland)
User rights : Administrator
Windows folder : E:\WINDOWS

001 Running processes
---------------------
e:\programme\antivir personaledition classic\avguard.exe (Avira GmbH)
e:\programme\antivir personaledition classic\sched.exe (Avira GmbH)
e:\programme\antivir personaledition classic\avgnt.exe (Avira GmbH)
* e:\windows\system32\services.exe (Microsoft Corporation)
* e:\windows\system32\alg.exe (Microsoft Corporation)
* e:\windows\system32\csrss.exe (Microsoft Corporation)
* e:\windows\system32\rundll32.exe (Microsoft Corporation)
* e:\windows\system32\rundll32.exe (Microsoft Corporation)
* e:\windows\system32\svchost.exe (Microsoft Corporation)
* e:\windows\system32\svchost.exe (Microsoft Corporation)
* e:\windows\system32\svchost.exe (Microsoft Corporation)
* e:\windows\system32\svchost.exe (Microsoft Corporation)
* e:\windows\system32\svchost.exe (Microsoft Corporation)
* e:\windows\system32\svchost.exe (Microsoft Corporation)
* e:\programme\java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
* e:\programme\gemeinsame dateien\logishrd\khal2\khalmnpr.exe (Logitech, Inc.)
* e:\programme\logitech\setpoint\setpoint.exe (Logitech, Inc.)
* e:\windows\system32\lsass.exe (Microsoft Corporation)
* e:\windows\system32\nvsvc32.exe (NVIDIA Corporation)
* e:\programme\oo software\safeerase\oosewiz.exe
e:\programme\opera\opera.exe (Opera Software)
* e:\dokumente und einstellungen\***\desktop\runscanner.exe (Runscanner.net)
* e:\windows\system32\spoolsv.exe (Microsoft Corporation)
* e:\programme\spybot - search & destroy\teatimer.exe (Safer Networking Limited)
* e:\windows\explorer.exe (Microsoft Corporation)
* e:\windows\system32\winlogon.exe (Microsoft Corporation)
* e:\windows\system32\smss.exe (Microsoft Corporation)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
e:\programme\antivir personaledition classic\avgnt.exe (Avira GmbH)
* E:\WINDOWS\khalmnpr.exe (Logitech, Inc.)
* E:\WINDOWS\khalmnpr.exe (Logitech, Inc.)
E:\WINDOWS\system32\nwiz.exe
- e:\programme\software4u\registry cleanup 2008\software4u.updateserver.exe

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* e:\programme\spybot - search & destroy\teatimer.exe (Safer Networking Limited)

005 E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
--------------------------------------------------------------------------
* e:\progra~1\logitech\setpoint\setpoint.exe (Logitech, Inc.)

008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
--------------------------------------------------------------------------
e:\windows\system32\ctfmon.exe (Gerhard Schlager)

009 System user\Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
------------------------------------------------------------------------
e:\windows\system32\ctfmon.exe (Gerhard Schlager)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
e:\programme\antivir personaledition classic\avguard.exe (AntiVir PersonalEdition Classic Guard)
e:\programme\antivir personaledition classic\sched.exe (AntiVir PersonalEdition Classic Planer)
* e:\programme\gemeinsame dateien\logitech\bluetooth\lbtserv.exe (Logitech Bluetooth Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* e:\programme\antivir personaledition classic\avgio.sys (avgio)
* e:\programme\antivir personaledition classic\avgntflt.sys (avgntflt)
* E:\WINDOWS\system32\drivers\avipbb.sys (avipbb)
- e:\windows\system32\drivers\changer.sys (Changer)
E:\WINDOWS\system32\drivers\cmudau.sys (C-Media USB Sound Interface)
- e:\windows\system32\drivers\eaglent.sys (EagleNT)
- e:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
- e:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
E:\WINDOWS\system32\drivers\lhidke.sys (Logitech SetPoint HID Mouse Filter Driver)
* E:\WINDOWS\system32\drivers\lhidfilt.sys (Logitech SetPoint KMDF HID Filter Driver)
* E:\WINDOWS\system32\drivers\lmoufilt.sys (Logitech SetPoint KMDF Mouse Filter Driver)
* E:\WINDOWS\system32\drivers\lusbfilt.sys (Logitech SetPoint KMDF USB Filter)
E:\WINDOWS\system32\drivers\lmouke.sys (Logitech SetPoint Mouse Filter Driver)
E:\WINDOWS\system32\drivers\lhidusbk.sys (Logitech SetPoint USB Receiver device driver)
- e:\windows\system32\drivers\pcidump.sys (PCIDump)
- e:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- e:\windows\system32\drivers\pdframe.sys (PDFRAME)
- e:\windows\system32\drivers\pdreli.sys (PDRELI)
- e:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
* E:\WINDOWS\system32\drivers\pstrip.sys (PStrip)
E:\WINDOWS\system32\drivers\sptd.sys (sptd)
E:\WINDOWS\system32\drivers\ssmdrv.sys (ssmdrv)
e:\windows\system32\drivers\prodrv06.sys (StarForce Protection Environment Driver v6)
E:\WINDOWS\system32\drivers\sfhlp01.sys (StarForce Protection Helper Driver)
E:\WINDOWS\system32\drivers\prohlp02.sys (StarForce Protection Helper Driver v2)
E:\WINDOWS\system32\drivers\prosync1.sys (StarForce Protection Synchronization Driver v1)
E:\WINDOWS\system32\drivers\cm106.sys (USB Multi-Channel Audio Device Interface)
- e:\windows\system32\drivers\wdica.sys (WDICA)

030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
E:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
E:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
E:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
e:\programme\gemeinsame dateien\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
e:\programme\gemeinsame dateien\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
e:\programme\gemeinsame dateien\microsoft shared\web folders\pkmcdo.dll (Microsoft Corporation) {CD00020A-8B95-11D1-82DB-00C04FB1625D}
e:\programme\gemeinsame dateien\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
e:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
* e:\programme\icq6\icq.exe (ICQ, Inc.) {E59EB121-F339-4851-A3BA-FE49C35617C2}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* e:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
e:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
e:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
* e:\programme\logitech\setpoint\mcplext.dll (Logitech, Inc.) {B9B9F083-2B04-452A-8691-83694AC1037B}
* e:\programme\logitech\setpoint\kbcplext.dll (Logitech, Inc.) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}
e:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
e:\programme\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
e:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
e:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
e:\progra~1\gemein~1\micros~1\webfol~1\msonsext.dll (Microsoft Corporation) {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
e:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
* E:\WINDOWS\system32\lsdelete.exe

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* e:\programme\gemeinsame dateien\logitech\bluetooth\lbtwlgn.dll (Logitech, Inc.)

068 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
--------------------------------------------------------------------------------
E:\WINDOWS\system32\prxerdrv.dll (Initex Software)
E:\WINDOWS\system32\prxerdrv.dll (Initex Software)

073 %windir%\Tasks
------------------
Uniblue SpeedUpMyPC Nag.job : e:\programme\uniblue\speedupmypc 3\speedupmypc.exe
Uniblue SpeedUpMyPC.job : e:\programme\uniblue\speedupmypc 3\speedupmypc.exe

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
Nach Microsoft &Excel exportieren : res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
---------------------------------------------------------------------------------
E:\WINDOWS\system32\prxernsp.dll

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
GUID / CLSID not found {E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
e:\programme\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
e:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

220 HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
GUID / CLSID not found {E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}

221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
e:\programme\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
e:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

224 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
GUID / CLSID not found {E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}
GUID / CLSID not found {E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}

225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
e:\programme\avira\unerase\ciasvrue.dll {A51DA762-BDD7-11D5-973D-C0539E56E216}
e:\programme\avira\unerase\ciasvrue.dll {A51DA762-BDD7-11D5-973D-C0539E56E216}
e:\programme\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
e:\programme\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
e:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
e:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
---------------------------------------------------------------
e:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
e:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}

HijackThis gives:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:34, on 18.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\AntiVir PersonalEdition Classic\avguard.exe
E:\Programme\AntiVir PersonalEdition Classic\sched.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\Explorer.EXE
E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
E:\Programme\Java\jre1.6.0_05\bin\jusched.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
E:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
E:\Programme\OO Software\SafeErase\oosewiz.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\Spybot - Search & Destroy\TeaTimer.exe
E:\Programme\Opera\Opera.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Software4u-UpdateServer] E:\Programme\Software4u\Registry CleanUP 2008\Software4u.UpdateServer.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\prxerdrv.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - E:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - E:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4441 bytes


Vista_User 18.05.2008 11:11

Please have the following file checked at VirusTotal - Free Online Virus and Malware Scan and post the result:

e:\windows\system32\prxernsp.dll

Air 18.05.2008 12:13

Quote:

Quote from Vista_User (post 339059)
Please have the following file checked at VirusTotal - Free Online Virus and Malware Scan and post the result:

e:\windows\system32\prxernsp.dll

It didn't find anything.
Code:

Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2008.5.16.0        2008.05.18        -
AntiVir        7.8.0.19        2008.05.17        -
Authentium        5.1.0.4        2008.05.17        -
Avast        4.8.1195.0        2008.05.17        -
AVG        7.5.0.516        2008.05.17        -
BitDefender        7.2        2008.05.18        -
CAT-QuickHeal        9.50        2008.05.17        -
ClamAV        0.92.1        2008.05.18        -
DrWeb        4.44.0.09170        2008.05.17        -
eSafe        7.0.15.0        2008.05.16        -
eTrust-Vet        31.4.5798        2008.05.16        -
Ewido        4.0        2008.05.14        -
F-Prot        4.4.2.54        2008.05.16        -
F-Secure        6.70.13260.0        2008.05.18        -
Fortinet        3.14.0.0        2008.05.18        -
GData        2.0.7306.1023        2008.05.18        -
Ikarus        T3.1.1.26.0        2008.05.18        -
Kaspersky        7.0.0.125        2008.05.18        -
McAfee        5297        2008.05.17        -
Microsoft        1.3408        2008.05.13        -
NOD32v2        3106        2008.05.16        -
Norman        5.80.02        2008.05.16        -
Panda        9.0.0.4        2008.05.18        -
Prevx1        V2        2008.05.18        -
Rising        20.44.60.00        2008.05.18        -
Sophos        4.29.0        2008.05.18        -
Sunbelt        3.0.1123.1        2008.05.17        -
Symantec        10        2008.05.18        -
TheHacker        6.2.92.311        2008.05.15        -
VBA32        3.12.6.6        2008.05.17        -
VirusBuster        4.3.26:9        2008.05.17        -
Webwasher-Gateway        6.6.2        2008.05.18        -
weitere Informationen
File size: 61440 bytes
MD5...: a107759fd52a7e032b29e5c145573f5c
SHA1..: d5db48491d9a98cce5c2d0d628426102a40c01ae
SHA256: 15251b2db6268bde7f25a863d74ef6492e608d3d0b402f47a1db3f98a605eb72
SHA512: cd5af85a49eef4d0ae9704c34dd7ea816b03a31428993a7378d25004aeb6eab9
e733215e0b151a13d3d3e9bdea4dba82c8e88281abc435a757e249d62778c9fa
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10002309
timedatestamp.....: 0x45e57c02 (Wed Feb 28 12:56:34 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7164 0x8000 6.19 d1592b72a75b536ec19125856efd731a
.rdata 0x9000 0x1c47 0x2000 5.09 ec14fdf8f46fd4e63f2ac628b8903e74
.data 0xb000 0x18a4 0x1000 2.09 5323340fe2fbc5b6243663cc28fcc117
Shared 0xd000 0x1c 0x1000 0.00 dfc6a8699c2d05b64f2f87cf46f6b873
.rsrc 0xe000 0x3c4 0x1000 3.69 1def0e1cc1ec86c3d0ccdaa1c322db99
.reloc 0xf000 0xd46 0x1000 4.06 9216b97ada4c654c23c12c55ffb583ea

( 3 imports )
> KERNEL32.dll: LocalFree, LocalAlloc, FreeLibrary, SetLastError, GetProcAddress, LoadLibraryA, GetCurrentProcessId, GetModuleFileNameA, HeapSize, RtlUnwind, InitializeCriticalSection, GetLastError, WideCharToMultiByte, MultiByteToWideChar, HeapFree, HeapAlloc, GetCurrentThreadId, GetCommandLineA, GetVersionExA, GetProcessHeap, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, HeapDestroy, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, ExitProcess, WriteFile, GetStdHandle, Sleep, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA
> USER32.dll: SendMessageA
> WS2_32.dll: -, WSAEnumNameSpaceProvidersA, -, -, -, -

( 4 exports )
_g_dwNspProcId@@3KC, _g_hNspWnd@@3RAUHWND__@@A, _g_nDnsMode@@3HC, NSPStartup


Air 19.05.2008 17:09

Just rescuing this from page 3...
So is there still something on it? Or can't you tell from this?
Just so I can rest easy ^^:)):)

