Hello,
I have the following problem, maybe someone can help me:
when I boot the computer, the following message appears:
C:\windows\config\crss.exe could not be found. Make sure you typed the name correctly.......
please help!
crss.exe not found?
hijack here:
Logfile of HijackThis v1.99.1
Scan saved at 18:32:07, on 06.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\ZoneLabs\vsmon.exe
C:\WINXP\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINXP\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\wscntfy.exe
C:\WINXP\Explorer.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINXP\system32\RUNDLL32.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINXP\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
H:\Sicherung\Programme_Aug_07\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.9.24.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programme\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office-Bibliothek-Direktsuche.lnk = C:\Programme\Office-Bibliothek\PCLib.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4888F7B-7F4D-4E63-A7D9-9E66B3F71D7D}: NameServer = 195.34.133.21,195.34.133.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINXP\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINXP\system32\ZoneLabs\vsmon.exe
- ultimus_omnium
- Posts: 8
- Registered: 18.01.2008, 19:41
Hello
Open HijackThis -- "Scan" button -- put a check mark in front of these entries -- "Fix checked" button -- restart the PC
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
Run SDFix in Safe Mode (press F8 on restart)
http://www.virus-protect.org/artikel/tools/sdfix.html
With Sophos
http://downloads.andymanchesta.com/Remo ... /SDFix.exe
Double-click RunThis.bat
type in:
3 : Sophos is loaded - choose 6 - scan and, after the restart, post the scan report. Reports are located under C:\SDFix
Download WindowsScan,
run it, post the report
Run CCLEANER
ComboFix – save it to the desktop.
Now close your antivirus and, if applicable, antispyware program <-- Important
Double-click: combofix.exe
Enter a 1 to start the scan when you are asked.
Wait for the disk cleanup to finish (up to approx. 20 min / a restart may occur)
select the text with the right mouse button -> copy -> post it in full
- Humdinger
- Moderator
- Posts: 1080
- Registered: 22.03.2006, 14:22
- Location: Mainz
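An added example, not part of the thread and not HijackThis code: a Python check for the `F2 - REG:system.ini: Shell=` line that the reply above asks to fix. It assumes the stock Shell value is the bare `Explorer.exe` and infers the active Windows directory from the `Running processes` list; the function names and finding labels are invented for this example, and the sample lines are copied from the log posted above.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread.
# The active Windows directory is C:\WINXP, while the Shell entry
# points into C:\WINDOWS\Config.
SAMPLE_LOG = r"""
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
"""

# Names of core Windows processes that belong in <windir>\system32.
CORE_NAMES = {"csrss.exe", "smss.exe", "winlogon.exe",
              "services.exe", "lsass.exe", "svchost.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (\w+)=(.*)$")


def infer_windows_dir(log):
    """Return the lower-cased Windows directory, taken from winlogon.exe's path."""
    for line in log.splitlines():
        path = ntpath.normcase(line.strip())
        if path.endswith(r"\system32\winlogon.exe"):
            return ntpath.dirname(ntpath.dirname(path))
    return None


def check_shell(data, windir):
    """Return finding labels for one Shell value (empty list = stock value)."""
    data = data.strip()
    findings = []
    m = re.match(r"explorer\.exe(?:\s+(.+))?$", data, re.I)
    if m and m.group(1) is None:
        return findings                      # plain "Explorer.exe"
    if m:
        extra = m.group(1)                   # command appended after Explorer.exe
        findings.append("extra-command-after-explorer")
    else:
        extra = data                         # Explorer.exe is not the shell at all
        findings.append("shell-replaced")
    # Take the executable path up to the first ".exe" (handles quoted paths).
    exe = re.match(r'"?(.+?\.exe)\b', extra, re.I)
    target = ntpath.normcase(exe.group(1) if exe else extra)
    folder, name = ntpath.split(target)
    if windir and name in CORE_NAMES and folder != windir + r"\system32":
        findings.append("system-name-outside-system32")
    return findings


def analyze(log):
    """Return (shell_value, findings) for every F2 Shell line in the log."""
    windir = infer_windows_dir(log)
    results = []
    for line in log.splitlines():
        m = F2_RE.match(line.strip())
        if m and m.group(1).lower() == "shell":
            results.append((m.group(2), check_shell(m.group(2), windir)))
    return results


if __name__ == "__main__":
    for value, findings in analyze(SAMPLE_LOG):
        print(value, "->", ", ".join(findings) or "ok")
```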
SDFix: Version 1.169
Run by on 11.04.2008 at 12:31
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 12:34:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\winxp\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\winxp\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:18,aa,d8,3a,57,29,86,e2,ce,af,c2,66,9d,6e,41,46,38,94,58,5b,bb,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:14,d0,0f,1f,3e,bb,df,35,ae,f1,14,6c,bc,76,02,5a,95,8f,b1,1b,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,19,46,db,9f,36,30,02,08,79,b5,6f,07,67,0f,46,8b,2f,..
"khjeh"=hex:0b,6b,7c,b1,b3,9e,46,fc,30,44,e3,69,a6,e9,25,6f,26,e1,02,f8,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a9,b3,26,f9,af,85,c4,53,43,40,5c,9f,27,58,9e,30,84,51,b5,26,40,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:18,aa,d8,3a,57,29,86,e2,ce,af,c2,66,9d,6e,41,46,38,94,58,5b,bb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:14,d0,0f,1f,3e,bb,df,35,ae,f1,14,6c,bc,76,02,5a,95,8f,b1,1b,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,19,46,db,9f,36,30,02,08,79,b5,6f,07,67,0f,46,8b,2f,..
"khjeh"=hex:0b,6b,7c,b1,b3,9e,46,fc,30,44,e3,69,a6,e9,25,6f,26,e1,02,f8,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a9,b3,26,f9,af,85,c4,53,43,40,5c,9f,27,58,9e,30,84,51,b5,26,40,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 5 Apr 2008 24 ..SH. --- "C:\WINXP\S5A1BD28C.tmp"
Finished!
______________________________________________________________________________________-
windows scan:
Die 30 neuesten Dateien im Ordner Windows:
***** ***** ***** ***** *****
***** Scanning C:\WINXP *****
***** ***** ***** ***** *****
11.04.2008 QTFont.qfn 12 40:54.156
11.04.2008 WindowsUpdate.log 12 40:181.626
11.04.2008 wiadebug.log 12 34:159
11.04.2008 wiaservc.log 12 34:50
11.04.2008 0.log 12 34:0
11.04.2008 bootstat.dat 12 34:2.048
11.04.2008 ntbtlog.txt 12 30:139.244
11.04.2008 SchedLgU.Txt 12 27:16.664
05.04.2008 NeroDigital.ini 16 07:69
05.04.2008 InoSetup.ini 14 34:47
05.04.2008 S5A1BD28C.tmp 14 19:24
17.03.2008 setupapi.log 10 25:497.152
06.03.2008 DirectX.log 18 47:282.239
Pack 22.02.2008 Codec 10 50:34.904
22.02.2008 iun6002.exe 10 49:737.280
01.02.2008 QTFont.for 15 14:1.409
25.01.2008 ODBC.INI 17 14:394
25.01.2008 win.ini 17 14:603
25.01.2008 wmsetup.log 11 26:5.730
23.01.2008 PROTOCOL.INI 21 23:0
23.01.2008 game.ini 20 53:311
23.01.2008 LAN.log 18 53:197
23.01.2008 Ascd_log.ini 18 51:14.461
23.01.2008 audio.log 18 51:164
23.01.2008 SMinstall.log 18 51:15.373
23.01.2008 iis6.log 18 50:66.210
23.01.2008 imsins.log 18 50:1.374
Die 50 neuesten Dateien im Ordner Windows\system32:
***** ***** ***** ***** *****
***** Scanning C:\WINXP\system32 *****
***** ***** ***** ***** *****
11.04.2008 vsconfig.xml 12 34:358.830
10.04.2008 wpa.dbl 18 20:2.206
05.04.2008 FNTCACHE.DAT 14 36:123.728
05.04.2008 perfh009.dat 14 34:312.350
05.04.2008 perfc007.dat 14 34:48.964
05.04.2008 perfh007.dat 14 34:317.534
05.04.2008 perfc009.dat 14 34:40.738
05.04.2008 PerfStringBackup.INI 14 34:725.674
23.01.2008 BASSMOD.dll 19 23:9.728
23.01.2008 bitcometres.dll 19 16:2.560
23.01.2008 zllictbl.dat 19 03:4.212
23.01.2008 $winnt$.inf 18 39:413
23.01.2008 CONFIG.NT 18 39:2.951
23.01.2008 amcompat.tlb 18 38:16.832
23.01.2008 nscompat.tlb 18 38:23.392
23.01.2008 WindowsLogon.manifest 18 38:488
23.01.2008 logonui.exe.manifest 18 38:488
23.01.2008 wuaucpl.cpl.manifest 18 38:749
23.01.2008 ncpa.cpl.manifest 18 38:749
23.01.2008 sapi.cpl.manifest 18 38:749
23.01.2008 cdplayer.exe.manifest 18 38:749
23.01.2008 nwc.cpl.manifest 18 38:749
23.01.2008 emptyregdb.dat 18 36:21.740
23.01.2008 h323log.txt 18 34:0
08.01.2008 lsasrv.dll 22 41:734.720
13.12.2007 vsutil_loc0407.dll 19 27:54.672
13.12.2007 imslsp_install_loc0407.dll 19 27:17.808
13.12.2007 imsinstall_loc0407.dll 19 27:21.904
13.12.2007 vsdatant.sys 19 27:394.952
13.12.2007 zpeng24.dll 19 27:1.086.952
13.12.2007 vswmi.dll 19 26:46.568
13.12.2007 zlcommdb.dll 19 26:71.144
13.12.2007 vsutil.dll 19 26:472.552
13.12.2007 zlcomm.dll 19 26:83.432
13.12.2007 vsxml.dll 19 26:99.816
13.12.2007 vsregexp.dll 19 26:71.144
13.12.2007 vsdata.dll 19 26:83.432
13.12.2007 vsinit.dll 19 26:157.160
13.12.2007 vsmonapi.dll 19 26:103.912
13.12.2007 vspubapi.dll 19 26:275.944
13.12.2007 libeay32_0.9.6l.dll 19 26:796.048
12.12.2007 quartz.dll 00 24:1.293.312
12.12.2007 mqutil.dll 00 24:533.504
12.12.2007 mqupgrd.dll 00 24:48.640
12.12.2007 mqqm.dll 00 24:660.992
12.12.2007 mqrt.dll 00 24:177.152
12.12.2007 mqsec.dll 00 24:95.744
***** ***** ***** ***** *****
***** Scanning C:\WINXP\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process 0 Console 0 28 K
System 4 Console 0 240 K
smss.exe 580 Console 0 408 K
csrss.exe 636 Console 0 3.964 K
winlogon.exe 660 Console 0 3.872 K
services.exe 704 Console 0 3.912 K
lsass.exe 716 Console 0 2.512 K
svchost.exe 876 Console 0 5.116 K
svchost.exe 924 Console 0 4.228 K
svchost.exe 988 Console 0 19.216 K
svchost.exe 1104 Console 0 3.284 K
svchost.exe 1136 Console 0 4.536 K
vsmon.exe 1232 Console 0 23.684 K
spoolsv.exe 1544 Console 0 4.708 K
explorer.exe 1916 Console 0 26.004 K
AppleMobileDeviceService. 1880 Console 0 2.216 K
InoRpc.exe 2040 Console 0 6.264 K
InoRT.exe 192 Console 0 24.904 K
InoTask.exe 176 Console 0 5.560 K
LogWatNT.exe 448 Console 0 1.448 K
NBService.exe 968 Console 0 5.740 K
nvsvc32.exe 384 Console 0 4.240 K
StarWindServiceAE.exe 1208 Console 0 3.740 K
svchost.exe 1664 Console 0 4.240 K
alg.exe 2120 Console 0 3.564 K
wscntfy.exe 2164 Console 0 2.296 K
smax4pnp.exe 3960 Console 0 4.388 K
SMax4.exe 3976 Console 0 2.736 K
zlclient.exe 4000 Console 0 4.492 K
rundll32.exe 4032 Console 0 3.504 K
iTunesHelper.exe 4060 Console 0 11.508 K
Realmon.exe 524 Console 0 5.500 K
ctfmon.exe 616 Console 0 3.588 K
msmsgs.exe 1072 Console 0 2.056 K
daemon.exe 2068 Console 0 7.420 K
NMBgMonitor.exe 1712 Console 0 10.424 K
RegistryBooster.exe 3516 Console 0 8.404 K
NMIndexingService.exe 2276 Console 0 9.912 K
NMIndexStoreSvr.exe 1952 Console 0 15.440 K
reader_sl.exe 2564 Console 0 2.884 K
iPodService.exe 2052 Console 0 3.852 K
IEXPLORE.EXE 3600 Console 0 59.872 K
cmd.exe 3536 Console 0 1.920 K
tasklist.exe 3272 Console 0 4.476 K
wmiprvse.exe 3324 Console 0 5.712 K
Microsoft Windows XP [Version 5.1.2600]
http://www.paules-pc-forum.de
***** Malware Team *****
***** Ende des Scans 11.04.2008 um 12:43:09,95 ***
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 5 Apr 2008 24 ..SH. --- "C:\WINXP\S5A1BD28C.tmp"
Finished!
______________________________________________________________________________________-
windows scan:
Die 30 neuesten Dateien im Ordner Windows:
***** ***** ***** ***** *****
***** Scanning C:\WINXP *****
***** ***** ***** ***** *****
11.04.2008 QTFont.qfn 12 40:54.156
11.04.2008 WindowsUpdate.log 12 40:181.626
11.04.2008 wiadebug.log 12 34:159
11.04.2008 wiaservc.log 12 34:50
11.04.2008 0.log 12 34:0
11.04.2008 bootstat.dat 12 34:2.048
11.04.2008 ntbtlog.txt 12 30:139.244
11.04.2008 SchedLgU.Txt 12 27:16.664
05.04.2008 NeroDigital.ini 16 07:69
05.04.2008 InoSetup.ini 14 34:47
05.04.2008 S5A1BD28C.tmp 14 19:24
17.03.2008 setupapi.log 10 25:497.152
06.03.2008 DirectX.log 18 47:282.239
Pack 22.02.2008 Codec 10 50:34.904
22.02.2008 iun6002.exe 10 49:737.280
01.02.2008 QTFont.for 15 14:1.409
25.01.2008 ODBC.INI 17 14:394
25.01.2008 win.ini 17 14:603
25.01.2008 wmsetup.log 11 26:5.730
23.01.2008 PROTOCOL.INI 21 23:0
23.01.2008 game.ini 20 53:311
23.01.2008 LAN.log 18 53:197
23.01.2008 Ascd_log.ini 18 51:14.461
23.01.2008 audio.log 18 51:164
23.01.2008 SMinstall.log 18 51:15.373
23.01.2008 iis6.log 18 50:66.210
23.01.2008 imsins.log 18 50:1.374
Die 50 neuesten Dateien im Ordner Windows\system32:
***** ***** ***** ***** *****
***** Scanning C:\WINXP\system32 *****
***** ***** ***** ***** *****
11.04.2008 vsconfig.xml 12 34:358.830
10.04.2008 wpa.dbl 18 20:2.206
05.04.2008 FNTCACHE.DAT 14 36:123.728
05.04.2008 perfh009.dat 14 34:312.350
05.04.2008 perfc007.dat 14 34:48.964
05.04.2008 perfh007.dat 14 34:317.534
05.04.2008 perfc009.dat 14 34:40.738
05.04.2008 PerfStringBackup.INI 14 34:725.674
23.01.2008 BASSMOD.dll 19 23:9.728
23.01.2008 bitcometres.dll 19 16:2.560
23.01.2008 zllictbl.dat 19 03:4.212
23.01.2008 $winnt$.inf 18 39:413
23.01.2008 CONFIG.NT 18 39:2.951
23.01.2008 amcompat.tlb 18 38:16.832
23.01.2008 nscompat.tlb 18 38:23.392
23.01.2008 WindowsLogon.manifest 18 38:488
23.01.2008 logonui.exe.manifest 18 38:488
23.01.2008 wuaucpl.cpl.manifest 18 38:749
23.01.2008 ncpa.cpl.manifest 18 38:749
23.01.2008 sapi.cpl.manifest 18 38:749
23.01.2008 cdplayer.exe.manifest 18 38:749
23.01.2008 nwc.cpl.manifest 18 38:749
23.01.2008 emptyregdb.dat 18 36:21.740
23.01.2008 h323log.txt 18 34:0
08.01.2008 lsasrv.dll 22 41:734.720
13.12.2007 vsutil_loc0407.dll 19 27:54.672
13.12.2007 imslsp_install_loc0407.dll 19 27:17.808
13.12.2007 imsinstall_loc0407.dll 19 27:21.904
13.12.2007 vsdatant.sys 19 27:394.952
13.12.2007 zpeng24.dll 19 27:1.086.952
13.12.2007 vswmi.dll 19 26:46.568
13.12.2007 zlcommdb.dll 19 26:71.144
13.12.2007 vsutil.dll 19 26:472.552
13.12.2007 zlcomm.dll 19 26:83.432
13.12.2007 vsxml.dll 19 26:99.816
13.12.2007 vsregexp.dll 19 26:71.144
13.12.2007 vsdata.dll 19 26:83.432
13.12.2007 vsinit.dll 19 26:157.160
13.12.2007 vsmonapi.dll 19 26:103.912
13.12.2007 vspubapi.dll 19 26:275.944
13.12.2007 libeay32_0.9.6l.dll 19 26:796.048
12.12.2007 quartz.dll 00 24:1.293.312
12.12.2007 mqutil.dll 00 24:533.504
12.12.2007 mqupgrd.dll 00 24:48.640
12.12.2007 mqqm.dll 00 24:660.992
12.12.2007 mqrt.dll 00 24:177.152
12.12.2007 mqsec.dll 00 24:95.744
***** ***** ***** ***** *****
***** Scanning C:\WINXP\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process 0 Console 0 28 K
System 4 Console 0 240 K
smss.exe 580 Console 0 408 K
csrss.exe 636 Console 0 3.964 K
winlogon.exe 660 Console 0 3.872 K
services.exe 704 Console 0 3.912 K
lsass.exe 716 Console 0 2.512 K
svchost.exe 876 Console 0 5.116 K
svchost.exe 924 Console 0 4.228 K
svchost.exe 988 Console 0 19.216 K
svchost.exe 1104 Console 0 3.284 K
svchost.exe 1136 Console 0 4.536 K
vsmon.exe 1232 Console 0 23.684 K
spoolsv.exe 1544 Console 0 4.708 K
explorer.exe 1916 Console 0 26.004 K
AppleMobileDeviceService. 1880 Console 0 2.216 K
InoRpc.exe 2040 Console 0 6.264 K
InoRT.exe 192 Console 0 24.904 K
InoTask.exe 176 Console 0 5.560 K
LogWatNT.exe 448 Console 0 1.448 K
NBService.exe 968 Console 0 5.740 K
nvsvc32.exe 384 Console 0 4.240 K
StarWindServiceAE.exe 1208 Console 0 3.740 K
svchost.exe 1664 Console 0 4.240 K
alg.exe 2120 Console 0 3.564 K
wscntfy.exe 2164 Console 0 2.296 K
smax4pnp.exe 3960 Console 0 4.388 K
SMax4.exe 3976 Console 0 2.736 K
zlclient.exe 4000 Console 0 4.492 K
rundll32.exe 4032 Console 0 3.504 K
iTunesHelper.exe 4060 Console 0 11.508 K
Realmon.exe 524 Console 0 5.500 K
ctfmon.exe 616 Console 0 3.588 K
msmsgs.exe 1072 Console 0 2.056 K
daemon.exe 2068 Console 0 7.420 K
NMBgMonitor.exe 1712 Console 0 10.424 K
RegistryBooster.exe 3516 Console 0 8.404 K
NMIndexingService.exe 2276 Console 0 9.912 K
NMIndexStoreSvr.exe 1952 Console 0 15.440 K
reader_sl.exe 2564 Console 0 2.884 K
iPodService.exe 2052 Console 0 3.852 K
IEXPLORE.EXE 3600 Console 0 59.872 K
cmd.exe 3536 Console 0 1.920 K
tasklist.exe 3272 Console 0 4.476 K
wmiprvse.exe 3324 Console 0 5.712 K
Microsoft Windows XP [Version 5.1.2600]
http://www.paules-pc-forum.de
***** Malware Team *****
***** Ende des Scans 11.04.2008 um 12:43:09,95 ***
- ultimus_omnium
- Posts: 8
- Registered: 18.01.2008, 19:41
I managed everything except the ComboFix post. No restart took place, but never mind,
the message no longer appears.
Thank you very much for your help.
