Trojaner-Board - Hilfe bei HiJackThis Log-Auswertung

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Hilfe bei HiJackThis Log-Auswertung (https://www.trojaner-board.de/54110-hilfe-hijackthis-log-auswertung.html)

Die Hijackthislogs sind aus dem normalen und nicht aus dem abgesicherten Modus. Bist du sicher, dass da alles glatt läuft? :D

Fahre wie von BataAlexander angegeben fort.

lg myrtille

Zitat:

Zitat von myrtille (Beitrag 346892)

Die Hijackthislogs sind aus dem normalen und nicht aus dem abgesicherten Modus. Bist du sicher, dass da alles glatt läuft? :D

Ja! Ein Posting weiter unten sind die aus dem abgesicherten Modus. Der Vollständigkeit halber hab ich noch zusätzlich die aus dem Normalen hinzugefügt.

Zitat:

Fahre wie von BataAlexander angegeben fort.
lg myrtille

Werde ich jetzt machen

ComboFix hat inkl. zwischenzeitlichem Reboot starke 20 Minuten benötigt.

Teil 1/2:

ComboFixLog:

Code:

ComboFix 08-06-16.5 - *** 2008-06-18 20:54:00.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.641 [GMT 2:00]

Running from: C:\Documents and Settings\***\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\***\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

 * Created a new restore point

.
 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

C:\WINDOWS\system32\drivers\Wingl05.sys

C:\WINDOWS\system32\mdm.exe

C:\WINDOWS\system32\WinCtrl32.dl_

C:\WINDOWS\system32\WinCtrl32.dll
 

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_WINGL05

-------\Service_Wingl05
 
 

(((((((((((((((((((((((((   Files Created from 2008-05-18 to 2008-06-18  )))))))))))))))))))))))))))))))

.
 

2008-06-18 00:33 . 2008-06-18 00:33        <DIR>        d--------        C:\asdf

2008-06-17 01:58 . 2008-06-17 01:58        <DIR>        d--------        C:\WINDOWS\ERUNT

2008-06-17 01:40 . 2008-06-18 20:41        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\PrevxCSI

2008-06-16 23:44 . 2008-06-16 23:44        <DIR>        d--------        C:\Program Files\Trend Micro

2008-06-16 20:51 . 2008-06-16 20:51        <DIR>        d--------        C:\Documents and Settings\***\Application Data\Wireshark

2008-06-12 00:20 . 2008-06-12 00:20        0        --a------        C:\WINDOWS\system32\SBRC.dat

2008-06-12 00:20 . 2008-06-12 00:20        0        --a------        C:\WINDOWS\system32\SBFC.dat

2008-06-12 00:17 . 2008-06-12 00:17        <DIR>        d--------        C:\Documents and Settings\***\Application Data\Sunbelt Software

2008-06-11 08:50 . 2008-06-11 08:50        118        --a------        C:\WINDOWS\system32\MRT.INI

2008-06-11 08:41 . 2008-04-14 13:01        272,128        -----c---        C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-11 00:15 . 2008-06-11 08:18        <DIR>        d--------        C:\k6logs

2008-06-09 00:34 . 2008-06-09 00:42        8,424,758        --a------        C:\WINDOWS\system32\NETJLK

2008-06-09 00:30 . 2008-06-09 00:30        <DIR>        d--------        C:\Program Files\Avira

2008-06-09 00:30 . 2008-06-09 00:30        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\Avira

2008-06-09 00:28 . 2008-06-09 01:00        <DIR>        d--------        C:\WINDOWS\SxsCaPendDel

2008-06-08 22:14 . 2008-06-15 13:37        <DIR>        d-a------        C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-08 22:06 . 2008-06-08 23:08        <DIR>        d--------        C:\Program Files\Norton Security Scan

2008-06-08 22:05 . 2008-06-17 23:18        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-07 23:05 . 2008-06-09 00:30        <DIR>        d--------        C:\Program Files\Windows Live Safety Center

2008-06-07 21:05 . 2008-06-09 00:27        <DIR>        d----c---        C:\WINDOWS\system32\DRVSTORE

2008-06-07 21:04 . 2007-03-29 14:56        409,600        -----c---        C:\WINDOWS\system32\dllcache\qmgr.dll

2008-06-07 21:04 . 2007-03-29 14:56        18,944        -----c---        C:\WINDOWS\system32\dllcache\qmgrprxy.dll

2008-06-07 21:04 . 2007-03-29 14:56        8,192        -----c---        C:\WINDOWS\system32\dllcache\bitsprx2.dll

2008-06-07 21:04 . 2007-03-29 14:56        7,168        -----c---        C:\WINDOWS\system32\dllcache\bitsprx4.dll

2008-06-07 21:04 . 2007-03-29 14:56        7,168        -----c---        C:\WINDOWS\system32\dllcache\bitsprx3.dll

2008-06-07 21:04 . 2007-03-29 14:56        7,168        ---------        C:\WINDOWS\system32\bitsprx4.dll

2008-06-07 19:04 . 2008-06-07 19:48        <DIR>        d--------        C:\WINDOWS\BDOSCAN8

2008-06-07 18:28 . 2008-06-07 18:28        <DIR>        d--------        C:\Documents and Settings\***\Application Data\F-Secure

2008-06-07 18:16 . 2008-06-15 13:36        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\F-Secure

2008-06-07 17:47 . 2008-06-12 01:41        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\fssg

2008-06-07 15:48 . 2008-06-07 16:00        160,256        --a------        C:\WINDOWS\system32\blackster.scr

2008-06-07 15:48 . 2008-06-07 15:48        54,156        --ah-----        C:\WINDOWS\QTFont.qfn

2008-06-07 15:48 . 2008-06-07 15:48        1,409        --a------        C:\WINDOWS\QTFont.for

2008-05-28 22:21 . 2008-06-07 18:51        <DIR>        d--------        C:\Documents and Settings\***\DoctorWeb

2008-05-28 21:53 . 2008-05-28 21:53        <DIR>        d--------        C:\Documents and Settings\LocalService\Application Data\Ipswitch

2008-05-27 23:07 . 2008-06-07 21:12        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\Lavasoft
 

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-17 21:48        ---------        d-----w        C:\Documents and Settings\***\Application Data\Canon

2008-06-16 18:07        ---------        d-----w        C:\Program Files\WinPcap

2008-06-15 22:55        ---------        d-----w        C:\Program Files\My Ebook Library

2008-06-08 23:00        ---------        d-----w        C:\Program Files\Common Files\Symantec Shared

2008-06-08 20:05        ---------        d-----w        C:\Program Files\Google

2008-06-08 12:33        ---------        d-----w        C:\Program Files\InterVideo

2008-06-08 12:32        ---------        d-----w        C:\Program Files\Common Files\InterVideo

2008-06-07 19:13        ---------        d-----w        C:\Program Files\Common Files\Wise Installation Wizard

2008-06-07 14:06        ---------        d-----w        C:\Documents and Settings\All Users\Application Data\RetroExp

2008-06-07 13:15        ---------        d-----w        C:\Program Files\avmwlanstick

2008-05-27 23:11        ---------        d-----w        C:\Program Files\Microsoft ActiveSync

2008-05-27 17:38        ---------        d-----w        C:\Program Files\Free Thumbnail Factory

2008-05-08 12:28        202,752        ----a-w        C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-21 18:16        ---------        d-----w        C:\Program Files\7-Zip

2007-03-11 21:04        157        ----a-w        C:\Program Files\adressen.txt

2003-03-22 01:06        135,392        ----a-w        C:\Documents and Settings\***\Application Data\GDIPFONTCACHEV1.DAT

2000-01-07 09:53        696,320        ----a-w        C:\Program Files\Common Files\XCMHook.dll

2000-01-06 13:57        24,576        ----a-w        C:\Program Files\Common Files\XCPCMenu.exe

.
 

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]

@={30351346-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]

@={30351347-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]

@={30351348-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]

@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]

@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]

@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]

@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mozilla Quick Launch"="C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" [2003-03-12 13:57 140464]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:50 1289000]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:31 208952]

"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 06:39 455168]

"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 06:39 455168]

"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 04:49 49152]

"AtiPTA"="atiptaxx.exe" [2002-07-25 11:04 290816 C:\WINDOWS\system32\atiptaxx.exe]

"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 04:50 155648]

"HI-SPEED USB DEVICE Coinstaller"="PL15Co2K.exe" [2003-04-16 11:24 86016 C:\WINDOWS\system32\PL15Co2K.exe]

"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [2003-10-10 12:23 94208]

"AVMWlanClient"="C:\Program Files\avmwlanstick\wlangui.exe" [2008-01-28 01:06 1753088]

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 01:20 278528]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]
 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 06:37:56 217194]

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-02-12 00:23:03 110592]

FRITZ!DSL Startcenter.lnk - C:\Program Files\FRITZ!DSL\StCenter.exe [2005-08-10 21:02:52 651264]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2002-12-29 00:22:47 106560]
 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

Free WebSite Tools.lnk - C:\Program Files\Free Thumbnail Factory\ThirtyDayTimer.exe [2004-01-14 16:32:23 372224]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]

WinCtrl32.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSACM.CEGSM"= mobilev.acm

"VIDC.HFYU"= huffyuv.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf15.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf73.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winch38.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winch73.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhl83.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo40.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmq51.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winns16.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot50.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu72.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty51.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb51.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc38.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"C:\\Program Files\\FreshDevices\\FreshDownload\\fdgo.exe"=

"C:\\Program Files\\FTP Explorer\\ftpx.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\FRITZ!DSL\\IGDCTRL.EXE"=

"C:\\Program Files\\FRITZ!DSL\\FBOXUPD.EXE"=

"C:\\Program Files\\NetMeeting\\conf.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\fxsclnt.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 11:16]

R2 vcanv;Virtual CAN Bus Driver;C:\WINDOWS\system32\Drivers\vcanv.sys [2003-05-30 09:07]

R3 AT2500;Allied Telesyn AT-2500 Series PCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\A25v3m5.SYS [2001-09-28 10:21]

R3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys [2001-09-19 13:28]

S0 Winaf15;Winaf15;C:\WINDOWS\system32\Drivers\Winaf15.sys []

S0 Winaf73;Winaf73;C:\WINDOWS\system32\Drivers\Winaf73.sys []

S0 Winch38;Winch38;C:\WINDOWS\system32\Drivers\Winch38.sys []

S0 Winch73;Winch73;C:\WINDOWS\system32\Drivers\Winch73.sys []

S0 Winhl83;Winhl83;C:\WINDOWS\system32\Drivers\Winhl83.sys []

S0 Winjo40;Winjo40;C:\WINDOWS\system32\Drivers\Winjo40.sys []

S0 Winmq51;Winmq51;C:\WINDOWS\system32\Drivers\Winmq51.sys []

S0 Winns16;Winns16;C:\WINDOWS\system32\Drivers\Winns16.sys []

S0 Winot50;Winot50;C:\WINDOWS\system32\Drivers\Winot50.sys []

S0 Winpu72;Winpu72;C:\WINDOWS\system32\Drivers\Winpu72.sys []

S0 Winty51;Winty51;C:\WINDOWS\system32\Drivers\Winty51.sys []

S0 Winvb51;Winvb51;C:\WINDOWS\system32\Drivers\Winvb51.sys []

S0 Winwc38;Winwc38;C:\WINDOWS\system32\Drivers\Winwc38.sys []

S3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys [2006-11-07 02:00]

S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2008-01-28 01:06]

S3 mgau;mgau;C:\WINDOWS\system32\DRIVERS\mgaum.sys [2001-08-17 13:50]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]
 

.

Contents of the 'Scheduled Tasks' folder

"2008-06-08 20:06:38 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************
 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-18 21:04:06

Windows 5.1.2600 Service Pack 2 NTFS
 

scanning hidden processes ... 
 

scanning hidden autostart entries ...
 

scanning hidden files ... 
 

scan completed successfully

hidden files: 0
 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\BRSS01A.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

C:\Program Files\avmwlanstick\WLanNetService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft ActiveSync\rapimgr.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-06-18 21:14:52 - machine was rebooted [***]

ComboFix-quarantined-files.txt  2008-06-18 19:14:48
 

Pre-Run: 955,006,976 bytes free

Post-Run: 1,055,760,384 bytes free
 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
 

260        --- E O F ---        2008-06-12 01:24:21

Teil 2/2:

ComboFix-quarantined-files.txt:

Code:

1998-05-29 01:00      119400    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\MDM.EXE.vir

2001-08-23 14:00      30080    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Wingl05.sys.vir

2008-06-18 20:24      15360    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir

2008-06-18 20:27      15360    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\WinCtrl32.dl_.vir

2008-06-18 20:57      1088    --a------    C:\Qoobox\Quarantine\Registry_backups\Legacy_WINGL05.reg.dat

2008-06-18 20:57      2068    --a------    C:\Qoobox\Quarantine\Registry_backups\Service_Wingl05.reg.dat

2008-06-18 20:58      54    --a------    C:\Qoobox\Quarantine\catchme.log

hijackthis.log:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:21:05, on 18.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

C:\Program Files\avmwlanstick\WlanNetService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\WINDOWS\system32\PL15Co2K.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\avmwlanstick\wlangui.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\mozilla.org\Mozilla\Mozilla.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\FRITZ!DSL\StCenter.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: (no name) - {95188727-288F-4581-A48D-EAB3BD027314} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Program Files\FRITZ!DSL\StCenter.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download &All by FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm

O8 - Extra context menu item: Download with &FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,5/mcinsctl.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201045489050

O16 - DPF: {7E3E5294-350D-4DE2-93BC-635BF12FE39D} (WEEditor Class) - http://www.webedition.de/Control.CAB

O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apache - Unknown owner - c:\eZpublish\apache\apache.exe (file missing)

O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
 

--

End of file - 14115 bytes

Mit Wireshark konnte ich bis jetzt auch noch keine Emailkommunikation erkennen. Gefällt mir gut! Was meint ihr?

Hi,

da laufen noch ne Menge böse Sachen im Hintergrund.
Wie wiederstrebend würdest du denn ein Neuaufsetzen in Kauf nehmen? :D

lg myrtille

Myrtille hat recht, der richtige weg ist hier das Neuaufsetzen.

Der andere weg führt über das untenstehende.

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

http://www.trojaner-board.de/54110-hilfe-bei-hijackthis-log-auswertung.html
 

Suspect::

C:\WINDOWS\system32\NETJLK
 

Collect::

C:\WINDOWS\system32\blackster.scr
 

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf15.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf73.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winch38.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winch73.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhl83.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo40.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmq51.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winns16.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot50.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu72.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty51.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb51.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc38.sys]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]

"WinCtrl32.dll"=-
 

Driver::
 

Winaf15

Winaf73

Winch38

Winch73

Winhl83

Winjo40

Winmq51

Winns16

Winot50

Winpu72

Winty51

Winvb51

Winwc38

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer!)

5. Dann ziehe die CFScript.txt auf die ComboFix.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

7. Nachdem das Log im Notepad aufgegenagen ist, erscheint ein Popup
http://saved.im/mjk4ndz0cty0_vs/cfcollect.jpg
Dies mit Ok wegklicken und es öffnet sich Dein Browser. In diesem Browser Fenster "Durchsuchen" auswählen und dann auf Deinem Desktop die neue .Zip Datei ([4]-Submit_Jahr-Monat-Tag_Uhrzeit.71.zip) auswählen. Dann mit Klick auf "Send" senden. So kann der Author die Erkennungsroutine des Programms verbessern.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann

Zitat:

Zitat von myrtille (Beitrag 347119)

Hi,
da laufen noch ne Menge böse Sachen im Hintergrund.
Wie wiederstrebend würdest du denn ein Neuaufsetzen in Kauf nehmen? :D
lg myrtille

Hm, da hab ich mich zu früh gefreut...

Eine Neuinstallation ist natürlich nicht so toll. Deshalb hab ich ausgeführt was von BataAlexaner beschrieben wurde. Hier das Ergebnis:

ComboFix.txt:

Code:

ComboFix 08-06-16.5 - *** 2008-06-18 23:49:20.2 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.655 [GMT 2:00]

Running from: C:\Documents and Settings\***\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\***\Desktop\CFScript.txt

 * Created a new restore point

.
 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

C:\WINDOWS\system32\blackster.scr
 

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_WINCH38

-------\Legacy_WINHL83

-------\Legacy_WINPU72

-------\Legacy_WINTY51

-------\Legacy_WINWC38

-------\Service_Winaf15

-------\Service_Winaf73

-------\Service_Winch38

-------\Service_Winch73

-------\Service_Winhl83

-------\Service_Winjo40

-------\Service_Winmq51

-------\Service_Winns16

-------\Service_Winot50

-------\Service_Winpu72

-------\Service_Winty51

-------\Service_Winvb51

-------\Service_Winwc38
 
 

(((((((((((((((((((((((((   Files Created from 2008-05-18 to 2008-06-18  )))))))))))))))))))))))))))))))

.
 

2008-06-18 00:33 . 2008-06-18 00:33        <DIR>        d--------        C:\asdf

2008-06-17 01:58 . 2008-06-17 01:58        <DIR>        d--------        C:\WINDOWS\ERUNT

2008-06-17 01:40 . 2008-06-18 20:41        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\PrevxCSI

2008-06-16 23:44 . 2008-06-16 23:44        <DIR>        d--------        C:\Program Files\Trend Micro

2008-06-16 20:51 . 2008-06-16 20:51        <DIR>        d--------        C:\Documents and Settings\***\Application Data\Wireshark

2008-06-12 00:20 . 2008-06-12 00:20        0        --a------        C:\WINDOWS\system32\SBRC.dat

2008-06-12 00:20 . 2008-06-12 00:20        0        --a------        C:\WINDOWS\system32\SBFC.dat

2008-06-12 00:17 . 2008-06-12 00:17        <DIR>        d--------        C:\Documents and Settings\***\Application Data\Sunbelt Software

2008-06-11 08:50 . 2008-06-11 08:50        118        --a------        C:\WINDOWS\system32\MRT.INI

2008-06-11 08:41 . 2008-04-14 13:01        272,128        -----c---        C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-11 00:15 . 2008-06-11 08:18        <DIR>        d--------        C:\k6logs

2008-06-09 00:34 . 2008-06-09 00:42        8,424,758        --a------        C:\WINDOWS\system32\NETJLK

2008-06-09 00:30 . 2008-06-09 00:30        <DIR>        d--------        C:\Program Files\Avira

2008-06-09 00:30 . 2008-06-09 00:30        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\Avira

2008-06-09 00:28 . 2008-06-09 01:00        <DIR>        d--------        C:\WINDOWS\SxsCaPendDel

2008-06-08 22:14 . 2008-06-15 13:37        <DIR>        d-a------        C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-08 22:06 . 2008-06-08 23:08        <DIR>        d--------        C:\Program Files\Norton Security Scan

2008-06-08 22:05 . 2008-06-17 23:18        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-07 23:05 . 2008-06-09 00:30        <DIR>        d--------        C:\Program Files\Windows Live Safety Center

2008-06-07 21:05 . 2008-06-09 00:27        <DIR>        d----c---        C:\WINDOWS\system32\DRVSTORE

2008-06-07 21:04 . 2007-03-29 14:56        409,600        -----c---        C:\WINDOWS\system32\dllcache\qmgr.dll

2008-06-07 21:04 . 2007-03-29 14:56        18,944        -----c---        C:\WINDOWS\system32\dllcache\qmgrprxy.dll

2008-06-07 21:04 . 2007-03-29 14:56        8,192        -----c---        C:\WINDOWS\system32\dllcache\bitsprx2.dll

2008-06-07 21:04 . 2007-03-29 14:56        7,168        -----c---        C:\WINDOWS\system32\dllcache\bitsprx4.dll

2008-06-07 21:04 . 2007-03-29 14:56        7,168        -----c---        C:\WINDOWS\system32\dllcache\bitsprx3.dll

2008-06-07 21:04 . 2007-03-29 14:56        7,168        ---------        C:\WINDOWS\system32\bitsprx4.dll

2008-06-07 19:04 . 2008-06-07 19:48        <DIR>        d--------        C:\WINDOWS\BDOSCAN8

2008-06-07 18:28 . 2008-06-07 18:28        <DIR>        d--------        C:\Documents and Settings\***\Application Data\F-Secure

2008-06-07 18:16 . 2008-06-15 13:36        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\F-Secure

2008-06-07 17:47 . 2008-06-12 01:41        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\fssg

2008-06-07 15:48 . 2008-06-07 15:48        54,156        --ah-----        C:\WINDOWS\QTFont.qfn

2008-06-07 15:48 . 2008-06-07 15:48        1,409        --a------        C:\WINDOWS\QTFont.for

2008-05-28 22:21 . 2008-06-07 18:51        <DIR>        d--------        C:\Documents and Settings\***\DoctorWeb

2008-05-28 21:53 . 2008-05-28 21:53        <DIR>        d--------        C:\Documents and Settings\LocalService\Application Data\Ipswitch

2008-05-27 23:07 . 2008-06-07 21:12        <DIR>        d--------        C:\Documents and Settings\All Users\Application Data\Lavasoft
 

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-17 21:48        ---------        d-----w        C:\Documents and Settings\***\Application Data\Canon

2008-06-16 18:07        ---------        d-----w        C:\Program Files\WinPcap

2008-06-15 22:55        ---------        d-----w        C:\Program Files\My Ebook Library

2008-06-08 23:00        ---------        d-----w        C:\Program Files\Common Files\Symantec Shared

2008-06-08 20:05        ---------        d-----w        C:\Program Files\Google

2008-06-08 12:33        ---------        d-----w        C:\Program Files\InterVideo

2008-06-08 12:32        ---------        d-----w        C:\Program Files\Common Files\InterVideo

2008-06-07 19:13        ---------        d-----w        C:\Program Files\Common Files\Wise Installation Wizard

2008-06-07 14:06        ---------        d-----w        C:\Documents and Settings\All Users\Application Data\RetroExp

2008-06-07 13:15        ---------        d-----w        C:\Program Files\avmwlanstick

2008-05-27 23:11        ---------        d-----w        C:\Program Files\Microsoft ActiveSync

2008-05-27 17:38        ---------        d-----w        C:\Program Files\Free Thumbnail Factory

2008-05-08 12:28        202,752        ----a-w        C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-21 18:16        ---------        d-----w        C:\Program Files\7-Zip

2007-03-11 21:04        157        ----a-w        C:\Program Files\adressen.txt

2003-03-22 01:06        135,392        ----a-w        C:\Documents and Settings\***\Application Data\GDIPFONTCACHEV1.DAT

2000-01-07 09:53        696,320        ----a-w        C:\Program Files\Common Files\XCMHook.dll

2000-01-06 13:57        24,576        ----a-w        C:\Program Files\Common Files\XCPCMenu.exe

.
 

(((((((((((((((((((((((((((((   snapshot@2008-06-18_21.14.33.88   )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-18 19:02:35        2,048        --s-a-w        C:\WINDOWS\bootstat.dat

+ 2008-06-18 21:55:48        2,048        --s-a-w        C:\WINDOWS\bootstat.dat

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]

@={30351346-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]

@={30351347-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]

@={30351348-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]

@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]

@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]

@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]

@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}
 

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]

2006-04-05 17:17        442368        --a------        C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mozilla Quick Launch"="C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" [2003-03-12 13:57 140464]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:50 1289000]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:31 208952]

"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 06:39 455168]

"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 06:39 455168]

"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 04:49 49152]

"AtiPTA"="atiptaxx.exe" [2002-07-25 11:04 290816 C:\WINDOWS\system32\atiptaxx.exe]

"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 04:50 155648]

"HI-SPEED USB DEVICE Coinstaller"="PL15Co2K.exe" [2003-04-16 11:24 86016 C:\WINDOWS\system32\PL15Co2K.exe]

"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [2003-10-10 12:23 94208]

"AVMWlanClient"="C:\Program Files\avmwlanstick\wlangui.exe" [2008-01-28 01:06 1753088]

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 01:20 278528]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]
 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 06:37:56 217194]

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-02-12 00:23:03 110592]

FRITZ!DSL Startcenter.lnk - C:\Program Files\FRITZ!DSL\StCenter.exe [2005-08-10 21:02:52 651264]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2002-12-29 00:22:47 106560]
 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

Free WebSite Tools.lnk - C:\Program Files\Free Thumbnail Factory\ThirtyDayTimer.exe [2004-01-14 16:32:23 372224]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]

WinCtrl32.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSACM.CEGSM"= mobilev.acm

"VIDC.HFYU"= huffyuv.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"C:\\Program Files\\FreshDevices\\FreshDownload\\fdgo.exe"=

"C:\\Program Files\\FTP Explorer\\ftpx.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\FRITZ!DSL\\IGDCTRL.EXE"=

"C:\\Program Files\\FRITZ!DSL\\FBOXUPD.EXE"=

"C:\\Program Files\\NetMeeting\\conf.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\fxsclnt.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 11:16]

R2 vcanv;Virtual CAN Bus Driver;C:\WINDOWS\system32\Drivers\vcanv.sys [2003-05-30 09:07]

R3 AT2500;Allied Telesyn AT-2500 Series PCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\A25v3m5.SYS [2001-09-28 10:21]

R3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys [2001-09-19 13:28]

S3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys [2006-11-07 02:00]

S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2008-01-28 01:06]

S3 mgau;mgau;C:\WINDOWS\system32\DRIVERS\mgaum.sys [2001-08-17 13:50]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]
 

.

Contents of the 'Scheduled Tasks' folder

"2008-06-08 20:06:38 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************
 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-18 23:57:44

Windows 5.1.2600 Service Pack 2 NTFS
 

scanning hidden processes ... 
 

scanning hidden autostart entries ...
 

scanning hidden files ... 
 

scan completed successfully

hidden files: 0
 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\BRSS01A.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

C:\Program Files\avmwlanstick\WLanNetService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Microsoft ActiveSync\rapimgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-06-19  0:08:27 - machine was rebooted

ComboFix-quarantined-files.txt  2008-06-18 22:08:21

ComboFix2.txt  2008-06-18 19:14:53
 

Pre-Run: 1,026,490,368 bytes free

Post-Run: 1,012,654,080 bytes free
 

232        --- E O F ---        2008-06-12 01:24:21

Malware Submission an Bleeping Computer - Computer Help and Discussion habe ich durchgeführt.

Was sagt das Log diesmal?

und gleich nochmal ein hijackthis.log:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:26:04, on 19.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

C:\Program Files\avmwlanstick\WlanNetService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\WINDOWS\system32\PL15Co2K.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\avmwlanstick\wlangui.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\mozilla.org\Mozilla\Mozilla.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\FRITZ!DSL\StCenter.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: (no name) - {95188727-288F-4581-A48D-EAB3BD027314} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Program Files\FRITZ!DSL\StCenter.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download &All by FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm

O8 - Extra context menu item: Download with &FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,5/mcinsctl.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201045489050

O16 - DPF: {7E3E5294-350D-4DE2-93BC-635BF12FE39D} (WEEditor Class) - http://www.webedition.de/Control.CAB

O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apache - Unknown owner - c:\eZpublish\apache\apache.exe (file missing)

O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
 

--

End of file - 14128 bytes

ComboFix.txt befindet sich einen Betrag weiter unten

Hi,
ich lass Bata mal den Rest überprüfen, war ja sein Idee das ganze. :blabla:

Der Eintrag hier ist auf jedenfall schädlichen Ursprungs, wenn auch inaktiv:

Zitat:

O4 - Global Startup: AutorunsDisabled
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

Die Einträge kannste auch fixen, die sind nicht mehr wirksam:

Zitat:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {95188727-288F-4581-A48D-EAB3BD027314} - (no file)

lg myrtille

Hallo myrtille,

dennoch vielen Dank! Ich hab die letzten drei Einträge mit den fehlenden Dateien gelöscht.

Zitat:

Der Eintrag hier ist auf jedenfall schädlichen Ursprungs, wenn auch inaktiv:
Zitat:
O4 - Global Startup: AutorunsDisabled
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

Bedeutet das, dass ich diese Einträge auch fixen kann? Oder sollte ich lieber auf Bata warten?

Du bist der Meinung, dass mein Rechner immer noch nicht sauber ist?

Zitat:

Zitat von Masus (Beitrag 347164)

Oder sollte ich lieber auf Bata warten?

Musst Du nicht, Mytrille sagt ja das richtige. Fixe die Einträge wie beschrieben.

Um Combofix zu loeschen(den qoobox ordner) gebe unter Start /Ausführen "combofix /u" ein. Ohne die " natürlich.

http://img247.imageshack.us/img247/7...ombofixvs6.jpg

Cureit Dr.Web

Downloade Dr.Web CureIt!
Speichere es auf deinem Desktop.
Entpacke es in einen eigenen Ordner.
Lies nun zuerst die deutsche Anleitung und drucke sie dir aus.

Lass alle Malware in den Quarantaene Ordner verschieben.
Ignoriere eventuelle Warnungen seitens deines AV Programms, du kannst auch offline gehen und -> dann dein AV Programm während des Scannens mit Dr.Web CureIt! abstellen.
Vergiss bitte nicht, dein AV Programm nach dem Scan wieder anzustellen.

Speichere das Logfile - siehe Anleitung - und poste es.

Hallo,

jetzt habe ich meinen Rechner mit Cureit Dr.Web gescannt. Sogar zweimal, denn beim ersten Durchlauf hat sich der Scanner aufgehängt (ärgerlich da schon über 8 Stunden gescannt). Bis zu diesem Punkt wurde bis auf Kopien von SDFix und ComboFix nichts gefunden. Beim zweiten fehlerfreien Durchgang wurde nichts gefunden.

-> Deshalb hab ich gleich nochmals ein HijackThis Logfile hinzugefügt.

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:17:17, on 20.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

C:\Program Files\avmwlanstick\WlanNetService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\WINDOWS\system32\PL15Co2K.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\avmwlanstick\wlangui.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\mozilla.org\Mozilla\Mozilla.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\FRITZ!DSL\StCenter.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Program Files\FRITZ!DSL\StCenter.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download &All by FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm

O8 - Extra context menu item: Download with &FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,5/mcinsctl.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201045489050

O16 - DPF: {7E3E5294-350D-4DE2-93BC-635BF12FE39D} (WEEditor Class) - http://www.webedition.de/Control.CAB

O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apache - Unknown owner - c:\eZpublish\apache\apache.exe (file missing)

O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
 

--

End of file - 13596 bytes

Ich hoffe das ist soweit alles OK (sowohl mein Rechner als auch das Vorgehen meinerseits)

Du hast alles richtig gemacht und ich finde in dem HiJackThis Log keine Besonderheiten mehr. :)
Viel Spaß im Netz.

Hallo Bata und myrtille,

vielen Dank für eure Hilfe. Die Rund-Um-Die-Uhr-Betreuung war spitze.

Nochmals vielen vielen Dank !!! :aplaus: