PC stürtz andauern ab

von **Dante92** am 02.03.2008, 01:46

Hallo.

Mein PC stürtzt alle par Stunden ohne Grund einfach ab! Beim abstürtzen kommt ein blauer Bildschirm. Unten steht dann irgendwas von dumping oder so. ich hab mal ein logfile mit hijackthis gemacht:

[spoiler]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:43:54, on 02.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: 74.86.252.247 l2testauthd.lineage2.com
O1 - Hosts: 74.86.252.247 l2authd.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo971] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [{66BA3897-86BD-794F-875B-EB856A366EB8}] C:\Users\Richard\AppData\Roaming\trainerv2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 9206 bytes[/spoiler]

Kann mir da jemand weiterhelfen? Mein Betriebssystem ist Vista ich hab den PC seit etwa einem Monat und ich kann einfach nich glauben das der jetzt schon im arsch ist.

von **Thanatos** am 02.03.2008, 10:57

Markiere folgende Einträge durch abhacken und klicke danach auf Fix checked.

Anschließend Computer neu starten.

Code: Alles auswählen: O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O4 - HKLM\..\Run: [recinfo971] c:\RecInfo\RecInfo.exe O4 - HKCU\..\Run: [{66BA3897-86BD-794F-875B-EB856A366EB8}] C:\Users\Richard\AppData\Roaming\trainerv2.exe O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

Poste bitte danach ein neues Logfile.

von **Dante92** am 02.03.2008, 13:43

Hier der Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:43:54, on 02.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: 74.86.252.247 l2testauthd.lineage2.com
O1 - Hosts: 74.86.252.247 l2authd.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo971] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [{66BA3897-86BD-794F-875B-EB856A366EB8}] C:\Users\Richard\AppData\Roaming\trainerv2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 9206 bytes

von **Dante92** am 02.03.2008, 13:43

Hier der Logfile:

Code: Alles auswählen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:43:54, on 02.03.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O1 - Hosts: 74.86.252.247 l2testauthd.lineage2.com O1 - Hosts: 74.86.252.247 l2authd.lineage2.com O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe" O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [recinfo971] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [{66BA3897-86BD-794F-875B-EB856A366EB8}] C:\Users\Richard\AppData\Roaming\trainerv2.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9206 bytes

von **Humdinger** am 02.03.2008, 14:01

Hallo

Du solltest dein System überprüfen.

Bitte arbeite diese
>>>Anleitung<<<
ab und poste wie angegeben die Reporte

(den unteren Teil für Vista Nutzer bitte)

von **Dante92** am 02.03.2008, 14:22

Is mir zuviel Arbeit... Ich will blos wissen wieso das passiert und wie ich es am schnellsten wieder in Ordnung bringen kann. So ne riesen Liste abzuarbeiten is nichts für mich^^

von **Dante92** am 02.03.2008, 21:54

Weiß keiner was?

von **tmoser2** am 04.03.2008, 16:44

Ich verstehe dich nicht. Du willst wissen, wie du dein System schnell wieder in Ordnung bringst, machst aber nicht das, was dir gesagt wird. :shock:

Du solltest die Liste abarbeiten, da auf dem Wege schon ein Teil möglicher Probleme beseitigt wird und aus den Reports ggf. hervorgeht, was dein Problem auslöst.

Mir hat man auf diesem Wege geholfen.

Die Jungs, die hier Ihre Zeit investieren, um uns Laien zu helfen, machen das in Ihrer Freizeit und unentgeltlich. Wenn Du hilfe brauchst, musst du schon mitarbeiten. Ansonsten hilft nur der gang zum Fachhändler. :!:

von **Dante92** am 05.03.2008, 21:19

nagut ich werds versuchen

von **Dante92** am 19.03.2008, 22:09

also habe es mal ausprobier... von counterspy find ich den log nich ... bei cclean denk ich ma ging alles gut aber combifix macht probleme.. ich starte es und wenn ich meine maus auch nur ein bisschen bewege stürtzt mein pc ab so wie er es eig. immer tut... aber irgedwie will combofix auch nich arbeiten d.h. ich hab ein problem... außerdem denke ich das ich wenn ich ein spiel spiele z.B. titan quest das es dann absürtzt wenn ich den pc aber nur an hab und kein spiel anhab das dann nichts passiert...

von **Dante92** am 19.03.2008, 22:15

hier der log vom vistascan:

Code: Alles auswählen: Die 30 neuesten Dateien im Ordner Windows: ***** ***** ***** ***** ***** ***** Scanning C:\Windows ***** ***** ***** ***** ***** ***** 2008-03-19 WindowsUpdate.log 20 32:1,573,273 2008-03-19 bootstat.dat 20 29:67,584 2008-03-19 MEMORY.DMP 20 26:199,657,541 2008-03-19 PFRO.log 16 15:1,742 2008-03-19 system.ini 15 03:215 2008-03-19 ntbtlog.txt 15 03:191,154 2008-03-05 DIIUnin.dat 18 52:35,810 2008-03-05 DIIUnin.pif 18 28:2,829 2008-03-05 DIIUnin.exe 18 28:102,400 2008-03-05 win.ini 13 56:128 2008-03-01 scunin.dat 18 42:11,103 2008-03-01 ScUnin.pif 18 42:967 2008-03-01 ScUnin.exe 18 42:67,584 2008-02-02 doom3.ini 13 09:331 2008-01-14 nsreg.dat 20 39:0 2007-11-15 csup.txt 22 47:10 2007-11-15 mgxoschk.ini 22 38:6,768 2007-11-15 ocsetup_install_OEMHelpCustomization.etl 22 36:16,908,288 2007-11-15 ocsetup_cbs_install_OEMHelpCustomization.perf 22 36:196,608 2007-11-15 ocsetup_cbs_install_OEMHelpCustomization.dpx 22 36:65,536 2007-11-15 WindowsShell.Manifest 22 26:749 2007-11-03 explorer.exe 00 52:2,923,520 2007-08-16 UNNeroMediaHome.exe 11 05:972,072 2007-08-04 UNRecode.exe 10 40:972,072 2007-07-06 RtHDVCpl.exe 10 06:4,669,440 2007-06-15 SkyTel.exe 15 45:1,826,816 2007-03-21 UNNeroVision.exe 21 02:972,336 Die 50 neuesten Dateien im Ordner Windows\system32: ***** ***** ***** ***** ***** ***** Scanning C:\Windows\system32 ***** ***** ***** ***** ***** ***** 2008-03-19 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 20 29:3,072 2008-03-19 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 20 29:3,072 2008-03-19 SBFC.dat 14 26:176 2008-03-19 SBSP.dat 14 26:7,445,396 2008-03-19 perfh009.dat 02 23:609,944 2008-03-19 perfc009.dat 02 23:103,726 2008-03-19 perfh007.dat 02 23:641,106 2008-03-19 perfc007.dat 02 23:116,500 2008-03-19 PerfStringBackup.INI 02 23:1,461,736 2008-03-15 jupdate-1.6.0_05-b13.log 13 43:6,591 2008-03-09 SBRC.dat 13 15:104 2008-03-08 KGyGaAvL.sys 17 39:848 2008-03-05 SIntfNT.dll 18 45:21,840 2008-03-05 SIntf32.dll 18 45:17,212 2008-03-05 SIntf16.dll 18 45:12,067 2008-03-05 CmdLineExt03.dll 17 43:43,520 2008-03-05 mrt.exe 17 30:19,148,408 2008-03-05 FNTCACHE.DAT 15 00:413,128 2008-02-22 javaws.exe 02 33:139,264 2008-02-22 javaw.exe 01 23:135,168 2008-02-22 java.exe 01 23:135,168 2008-02-14 WebClnt.dll 06 57:196,096 2008-02-14 davclnt.dll 06 57:48,640 2008-02-14 wpd_ci.dll 06 56:613,888 2008-02-14 clfs.sys 06 56:224,824 2008-02-14 cfgmgr32.dll 06 56:19,456 2008-02-14 drvinst.exe 06 56:101,888 2008-02-14 umpnpmgr.dll 06 56:221,696 2008-02-14 dpx.dll 06 56:260,096 2008-02-14 kbd106n.dll 06 56:6,656 2008-02-14 oleaut32.dll 06 56:559,104 2008-02-14 setupapi.dll 06 56:1,585,664 2008-02-14 f3ahvoas.dll 06 56:7,168 2008-02-14 batt.dll 06 56:12,800 2008-02-14 dispci.dll 06 56:35,328 2008-02-14 winresume.exe 06 56:905,400 2008-02-14 winload.exe 06 56:943,800 2008-02-14 nshhttp.dll 06 56:23,552 2008-02-14 lodctr.exe 06 56:39,424 2008-02-14 unlodctr.exe 06 56:32,256 2008-02-14 loadperf.dll 06 56:115,200 2008-02-14 prflbmsg.dll 06 56:17,408 2008-02-14 schedsvc.dll 06 56:595,968 2008-02-14 netcfg.exe 06 54:24,064 2008-02-14 tcpipcfg.dll 06 54:167,424 2008-02-14 netiougc.exe 06 54:22,016 2008-02-14 GameUXLegacyGDFs.dll 06 54:4,247,552 ***** ***** ***** ***** ***** ***** Scanning C:\Windows\system32\drivers\etc\hosts ***** ***** ***** ***** ***** ***** # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally #comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost 74.86.252.247 l2testauthd.lineage2.com 74.86.252.247 l2authd.lineage2.com ***** ***** ***** ***** ***** ***** Scanning Processe ***** ***** ***** ***** ***** ***** Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 28 K System 4 Services 0 14452 K smss.exe 432 Services 0 536 K csrss.exe 564 Services 0 4456 K wininit.exe 616 Services 0 3268 K csrss.exe 628 Console 1 8984 K services.exe 664 Services 0 5888 K lsass.exe 680 Services 0 1588 K lsm.exe 688 Services 0 3516 K svchost.exe 832 Services 0 5048 K winlogon.exe 868 Console 1 4308 K svchost.exe 928 Services 0 5204 K svchost.exe 1028 Services 0 10364 K svchost.exe 1052 Services 0 78776 K svchost.exe 1064 Services 0 21696 K audiodg.exe 1144 Services 0 14396 K SLsvc.exe 1176 Services 0 3692 K svchost.exe 1208 Services 0 8660 K svchost.exe 1364 Services 0 10804 K spoolsv.exe 1656 Services 0 6632 K svchost.exe 1712 Services 0 7980 K taskeng.exe 1828 Console 1 8992 K dwm.exe 1968 Console 1 50248 K explorer.exe 280 Console 1 32160 K taskeng.exe 716 Services 0 5068 K rundll32.exe 1836 Console 1 3424 K RtHDVCpl.exe 460 Console 1 4768 K rundll32.exe 912 Console 1 4736 K AVKTray.exe 1468 Console 1 4308 K jusched.exe 1288 Console 1 2896 K iTunesHelper.exe 1532 Console 1 5032 K sidebar.exe 1984 Console 1 22552 K GoogleToolbarNotifier.exe 2064 Console 1 1064 K daemon.exe 2072 Console 1 5836 K MouseDrv.exe 2144 Console 1 4400 K sidebar.exe 2208 Console 1 12228 K AppleMobileDeviceService. 2372 Services 0 2660 K AVKService.exe 2404 Services 0 3788 K AVKWCtl.exe 2416 Services 0 29540 K mDNSResponder.exe 2452 Services 0 3160 K KMWDSrv.exe 2496 Services 0 2852 K NBService.exe 2528 Services 0 4528 K svchost.exe 2656 Services 0 3560 K PSIService.exe 2712 Services 0 2900 K StarWindServiceAE.exe 2848 Services 0 3920 K svchost.exe 2868 Services 0 4800 K TeamViewer_Host.exe 2896 Services 0 2592 K svchost.exe 2964 Services 0 1800 K SearchIndexer.exe 2996 Services 0 14724 K AVKProxy.exe 3044 Services 0 22820 K WUDFHost.exe 3248 Services 0 4400 K iPodService.exe 3296 Services 0 4084 K mobsync.exe 3588 Console 1 5276 K TeamSpeak.exe 4032 Console 1 16500 K ICQ.exe 4368 Console 1 89040 K firefox.exe 5656 Console 1 44824 K SearchProtocolHost.exe 4828 Services 0 8752 K WmiPrvSE.exe 5384 Services 0 6040 K cmd.exe 2460 Console 1 3016 K conime.exe 3884 Console 1 3384 K SearchFilterHost.exe 792 Services 0 4820 K tasklist.exe 156 Console 1 4564 K Microsoft Windows [Version 6.0.6000] http://www.paules-pc-forum.de ***** Malware Team ***** ***** Ende des Scans 2008-03-19 um 21:14:20.23 ***

von **Dante92** am 19.03.2008, 22:51

ok combofix funktioniert war meine schuld... haba ber als es fertig war beim log auf speichern geklickt (da bin ich mir zu 40 % sicher^^) und dann oben halt x jetzt find ichs den log nich XD aber ich machs nochmal ... hat 30 min gedauert das mit combofix

edit: hmm der will kein zweites mal starten? also der log sollte irgendwo gespeichert sein aber nich auf dem desktop und durch suchen find ich den auch nich hab ja jetzt noch den log von vista scan ob das reicht? ich mach nochmal einen mit hijackthis-.-

von **Dante92** am 19.03.2008, 22:59

hier der log:

Code: Alles auswählen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:43:54, on 02.03.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O1 - Hosts: 74.86.252.247 l2testauthd.lineage2.com O1 - Hosts: 74.86.252.247 l2authd.lineage2.com O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe" O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [recinfo971] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [{66BA3897-86BD-794F-875B-EB856A366EB8}] C:\Users\Richard\AppData\Roaming\trainerv2.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9206 bytes

ich hoffe ihr könnt was damit anfangen...

von **Dante92** am 19.03.2008, 23:00

tmoser2 hat geschrieben:Ich verstehe dich nicht. Du willst wissen, wie du dein System schnell wieder in Ordnung bringst, machst aber nicht das, was dir gesagt wird.

Du solltest die Liste abarbeiten, da auf dem Wege schon ein Teil möglicher Probleme beseitigt wird und aus den Reports ggf. hervorgeht, was dein Problem auslöst.

Mir hat man auf diesem Wege geholfen.

Die Jungs, die hier Ihre Zeit investieren, um uns Laien zu helfen, machen das in Ihrer Freizeit und unentgeltlich. Wenn Du hilfe brauchst, musst du schon mitarbeiten. Ansonsten hilft nur der gang zum Fachhändler.

und sry^^ war nich so gemeint blos wenn ich so ne lange liste anseh vergeht mir die lust dazu den wieder hinzukriegen^^ brauche trotzdem nochmal hilfe denn ich find den log von counterspy und combofix nich...

von **Dante92** am 19.03.2008, 23:35

so ich habs geschafft^^ hat zwar lange gedauert aber ok habe 3 logs die vom counterspy find ich einfach nich

HiJackThis:

Code: Alles auswählen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:43:54, on 02.03.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O1 - Hosts: 74.86.252.247 l2testauthd.lineage2.com O1 - Hosts: 74.86.252.247 l2authd.lineage2.com O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe" O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [recinfo971] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [{66BA3897-86BD-794F-875B-EB856A366EB8}] C:\Users\Richard\AppData\Roaming\trainerv2.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9206 bytes

VistaScan:

Code: Alles auswählen: Die 30 neuesten Dateien im Ordner Windows: ***** ***** ***** ***** ***** ***** Scanning C:\Windows ***** ***** ***** ***** ***** ***** 2008-03-19 WindowsUpdate.log 20 32:1,573,273 2008-03-19 bootstat.dat 20 29:67,584 2008-03-19 MEMORY.DMP 20 26:199,657,541 2008-03-19 PFRO.log 16 15:1,742 2008-03-19 system.ini 15 03:215 2008-03-19 ntbtlog.txt 15 03:191,154 2008-03-05 DIIUnin.dat 18 52:35,810 2008-03-05 DIIUnin.pif 18 28:2,829 2008-03-05 DIIUnin.exe 18 28:102,400 2008-03-05 win.ini 13 56:128 2008-03-01 scunin.dat 18 42:11,103 2008-03-01 ScUnin.pif 18 42:967 2008-03-01 ScUnin.exe 18 42:67,584 2008-02-02 doom3.ini 13 09:331 2008-01-14 nsreg.dat 20 39:0 2007-11-15 csup.txt 22 47:10 2007-11-15 mgxoschk.ini 22 38:6,768 2007-11-15 ocsetup_install_OEMHelpCustomization.etl 22 36:16,908,288 2007-11-15 ocsetup_cbs_install_OEMHelpCustomization.perf 22 36:196,608 2007-11-15 ocsetup_cbs_install_OEMHelpCustomization.dpx 22 36:65,536 2007-11-15 WindowsShell.Manifest 22 26:749 2007-11-03 explorer.exe 00 52:2,923,520 2007-08-16 UNNeroMediaHome.exe 11 05:972,072 2007-08-04 UNRecode.exe 10 40:972,072 2007-07-06 RtHDVCpl.exe 10 06:4,669,440 2007-06-15 SkyTel.exe 15 45:1,826,816 2007-03-21 UNNeroVision.exe 21 02:972,336 Die 50 neuesten Dateien im Ordner Windows\system32: ***** ***** ***** ***** ***** ***** Scanning C:\Windows\system32 ***** ***** ***** ***** ***** ***** 2008-03-19 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 20 29:3,072 2008-03-19 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 20 29:3,072 2008-03-19 SBFC.dat 14 26:176 2008-03-19 SBSP.dat 14 26:7,445,396 2008-03-19 perfh009.dat 02 23:609,944 2008-03-19 perfc009.dat 02 23:103,726 2008-03-19 perfh007.dat 02 23:641,106 2008-03-19 perfc007.dat 02 23:116,500 2008-03-19 PerfStringBackup.INI 02 23:1,461,736 2008-03-15 jupdate-1.6.0_05-b13.log 13 43:6,591 2008-03-09 SBRC.dat 13 15:104 2008-03-08 KGyGaAvL.sys 17 39:848 2008-03-05 SIntfNT.dll 18 45:21,840 2008-03-05 SIntf32.dll 18 45:17,212 2008-03-05 SIntf16.dll 18 45:12,067 2008-03-05 CmdLineExt03.dll 17 43:43,520 2008-03-05 mrt.exe 17 30:19,148,408 2008-03-05 FNTCACHE.DAT 15 00:413,128 2008-02-22 javaws.exe 02 33:139,264 2008-02-22 javaw.exe 01 23:135,168 2008-02-22 java.exe 01 23:135,168 2008-02-14 WebClnt.dll 06 57:196,096 2008-02-14 davclnt.dll 06 57:48,640 2008-02-14 wpd_ci.dll 06 56:613,888 2008-02-14 clfs.sys 06 56:224,824 2008-02-14 cfgmgr32.dll 06 56:19,456 2008-02-14 drvinst.exe 06 56:101,888 2008-02-14 umpnpmgr.dll 06 56:221,696 2008-02-14 dpx.dll 06 56:260,096 2008-02-14 kbd106n.dll 06 56:6,656 2008-02-14 oleaut32.dll 06 56:559,104 2008-02-14 setupapi.dll 06 56:1,585,664 2008-02-14 f3ahvoas.dll 06 56:7,168 2008-02-14 batt.dll 06 56:12,800 2008-02-14 dispci.dll 06 56:35,328 2008-02-14 winresume.exe 06 56:905,400 2008-02-14 winload.exe 06 56:943,800 2008-02-14 nshhttp.dll 06 56:23,552 2008-02-14 lodctr.exe 06 56:39,424 2008-02-14 unlodctr.exe 06 56:32,256 2008-02-14 loadperf.dll 06 56:115,200 2008-02-14 prflbmsg.dll 06 56:17,408 2008-02-14 schedsvc.dll 06 56:595,968 2008-02-14 netcfg.exe 06 54:24,064 2008-02-14 tcpipcfg.dll 06 54:167,424 2008-02-14 netiougc.exe 06 54:22,016 2008-02-14 GameUXLegacyGDFs.dll 06 54:4,247,552 ***** ***** ***** ***** ***** ***** Scanning C:\Windows\system32\drivers\etc\hosts ***** ***** ***** ***** ***** ***** # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally #comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost 74.86.252.247 l2testauthd.lineage2.com 74.86.252.247 l2authd.lineage2.com ***** ***** ***** ***** ***** ***** Scanning Processe ***** ***** ***** ***** ***** ***** Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 28 K System 4 Services 0 14452 K smss.exe 432 Services 0 536 K csrss.exe 564 Services 0 4456 K wininit.exe 616 Services 0 3268 K csrss.exe 628 Console 1 8984 K services.exe 664 Services 0 5888 K lsass.exe 680 Services 0 1588 K lsm.exe 688 Services 0 3516 K svchost.exe 832 Services 0 5048 K winlogon.exe 868 Console 1 4308 K svchost.exe 928 Services 0 5204 K svchost.exe 1028 Services 0 10364 K svchost.exe 1052 Services 0 78776 K svchost.exe 1064 Services 0 21696 K audiodg.exe 1144 Services 0 14396 K SLsvc.exe 1176 Services 0 3692 K svchost.exe 1208 Services 0 8660 K svchost.exe 1364 Services 0 10804 K spoolsv.exe 1656 Services 0 6632 K svchost.exe 1712 Services 0 7980 K taskeng.exe 1828 Console 1 8992 K dwm.exe 1968 Console 1 50248 K explorer.exe 280 Console 1 32160 K taskeng.exe 716 Services 0 5068 K rundll32.exe 1836 Console 1 3424 K RtHDVCpl.exe 460 Console 1 4768 K rundll32.exe 912 Console 1 4736 K AVKTray.exe 1468 Console 1 4308 K jusched.exe 1288 Console 1 2896 K iTunesHelper.exe 1532 Console 1 5032 K sidebar.exe 1984 Console 1 22552 K GoogleToolbarNotifier.exe 2064 Console 1 1064 K daemon.exe 2072 Console 1 5836 K MouseDrv.exe 2144 Console 1 4400 K sidebar.exe 2208 Console 1 12228 K AppleMobileDeviceService. 2372 Services 0 2660 K AVKService.exe 2404 Services 0 3788 K AVKWCtl.exe 2416 Services 0 29540 K mDNSResponder.exe 2452 Services 0 3160 K KMWDSrv.exe 2496 Services 0 2852 K NBService.exe 2528 Services 0 4528 K svchost.exe 2656 Services 0 3560 K PSIService.exe 2712 Services 0 2900 K StarWindServiceAE.exe 2848 Services 0 3920 K svchost.exe 2868 Services 0 4800 K TeamViewer_Host.exe 2896 Services 0 2592 K svchost.exe 2964 Services 0 1800 K SearchIndexer.exe 2996 Services 0 14724 K AVKProxy.exe 3044 Services 0 22820 K WUDFHost.exe 3248 Services 0 4400 K iPodService.exe 3296 Services 0 4084 K mobsync.exe 3588 Console 1 5276 K TeamSpeak.exe 4032 Console 1 16500 K ICQ.exe 4368 Console 1 89040 K firefox.exe 5656 Console 1 44824 K SearchProtocolHost.exe 4828 Services 0 8752 K WmiPrvSE.exe 5384 Services 0 6040 K cmd.exe 2460 Console 1 3016 K conime.exe 3884 Console 1 3384 K SearchFilterHost.exe 792 Services 0 4820 K tasklist.exe 156 Console 1 4564 K Microsoft Windows [Version 6.0.6000] http://www.paules-pc-forum.de ***** Malware Team ***** ***** Ende des Scans 2008-03-19 um 21:14:20.23 ***

und zuletzt...
ComboFix:

Code: Alles auswählen: ComboFix 08-03-18.1 - Richard 2008-03-19 22:03:01.6 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1228 [GMT 1:00] ausgeführt von:: C:\Users\Richard\Desktop\ComboFix.exe . ((((((((((((((((((((((( Dateien erstellt von 2008-02-19 bis 2008-03-19 )))))))))))))))))))))))))))))) . 2008-03-19 14:52 . 2008-03-19 20:26 199,657,541 --a------ C:\Windows\MEMORY.DMP 2008-03-19 14:40 . 2008-03-19 14:40 <DIR> d-------- C:\Program Files\Yahoo! 2008-03-19 14:40 . 2008-03-19 14:44 <DIR> d-------- C:\Program Files\CCleaner 2008-03-19 02:22 . 2008-03-19 02:22 <DIR> d-------- C:\Program Files\Alcohol Soft 2008-03-19 01:24 . 2008-03-19 01:24 <DIR> d-------- C:\Program Files\7-Zip 2008-03-19 00:23 . 2008-03-19 00:23 <DIR> d-------- C:\Program Files\Veoh Networks 2008-03-18 00:02 . 2007-01-01 20:03 40,960 -ra------ C:\Windows\System32\psfind.dll 2008-03-17 23:48 . 2008-03-18 02:26 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-03-17 23:43 . 2008-03-17 23:43 717,296 --a------ C:\Windows\System32\drivers\sptd.sys 2008-03-17 15:07 . 2008-03-17 15:07 <DIR> d-------- C:\Downloads 2008-03-15 13:43 . 2008-03-15 18:45 <D

PC stürtz andauern ab

PC stürtz andauern ab

???

Re: ???