Here are the various log files:

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41, on 2007-10-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Peter Brueckmann\Desktop\Hjackthi\HJT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.72.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12D2B80C-BC0F-D112-E80B-04D064B5F270} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {9613A4E1-9AE5-D9DF-D4A5-FB85FC1DB9E9} - (no file)
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C153A24-AAED-494F-A3F9-DB9411DC9B93}: NameServer = 192.168.72.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spmgr - Unknown owner - C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--
End of file - 5748 bytes

----------------------------------------------------------------------

DatFind.bat:

. .
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
. .

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C464-1DE1

Verzeichnis von C:\WINDOWS\system32

2007-10-10 20:36 9,750 lckfldservicelog.txt
2007-10-07 12:10 1,180 wpa.dbl
2007-10-05 10:07 279,552 swreg.exe
2007-10-03 19:28 18,944 system.exe
2007-10-03 19:28 15,360 protector.exe
2007-10-03 19:28 0 8_exception.nls
2007-10-03 19:28 17,920 ntio256.sys
2007-09-05 19:50 17,474,680 MRT.exe
2007-08-14 16:45 176,167 rmoc3260.dll
2007-08-14 16:45 6,656 pndx5016.dll
2007-08-14 16:45 5,632 pndx5032.dll
2007-08-14 16:45 278,528 pncrt.dll
2007-08-05 16:30 24 mslck.dat
2007-06-29 06:24 65,536 QuickTimeVR.qtx
2007-06-29 06:24 49,152 QuickTime.qts
2007-06-28 12:51 206,088 klogon.dll
2007-06-20 10:59 16 Mlkf.dll
2007-06-20 10:59 5,978 FldLckINSTALL.LOG
2007-06-18 10:03 43,520 CmdLineExt03.dll
2007-06-15 15:11 34,064 lhacm.acm
2078 Datei(en) 416,178,922 Bytes
0 Verzeichnis(se), 24,591,990,784 Bytes frei

. . .

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C464-1DE1

Verzeichnis von C:\DOKUME~1\PETERB~1\LOKALE~1\Temp

2007-10-10 20:49 101,661 datfind.txt
2007-10-10 20:30 53,248 foeeowqj.dll
2 Datei(en) 154,909 Bytes
0 Verzeichnis(se), 24,592,941,056 Bytes frei

. . .

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C464-1DE1

Verzeichnis von C:\WINDOWS

2007-10-10 20:36 0 0.log
2007-10-10 20:36 2,048 bootstat.dat
2007-10-10 15:21 1,073,115,136 MEMORY.DMP
2007-10-10 15:19 1,119,209 WindowsUpdate.log
2007-10-10 15:19 32,548 SchedLgU.Txt
2007-10-10 15:05 413 WINNT32.LOG
2007-10-10 15:05 1,078 DHCPUPG.LOG
2007-10-10 15:04 0 setuperr.log
2007-10-10 15:04 71,134 setupact.log
2007-10-10 13:55 1,198,931 setupapi.log
2007-10-10 12:19 253,952 Setup1.exe
2007-10-10 12:19 82,432 ST6UNST.EXE
2007-10-10 12:17 395,884 ntbtlog.txt
2007-10-10 11:58 628 win.ini
2007-10-10 11:58 227 system.ini
2007-10-10 11:57 121,982 IMG_17.zip
2007-10-10 11:57 121,978 images.zip
2007-10-10 11:55 1,555 ST6UNST.000
2007-10-09 18:51 5,804 dkscvv32.exe
2007-10-09 10:25 327,121 DirectX.log
2007-10-08 14:24 121,856 install.exe
2007-10-08 14:22 124,928 temp1.exe
2007-09-28 09:06 135,168 catchme.exe
2007-08-14 12:51 216 wiadebug.log
2007-08-14 12:51 50 wiaservc.log
2007-07-08 18:36 1,891 imsins.log
2007-07-08 18:36 32,752 ocmsn.log
2007-07-08 18:36 30,116 msgsocm.log
2007-07-08 18:36 278,082 tsoc.log
2007-07-08 18:36 133,588 ntdtcsetup.log
2007-07-08 18:36 222,163 comsetup.log
2007-07-08 18:36 631,332 iis6.log
2007-07-08 18:36 96,871 netfxocm.log
2007-07-08 18:36 38,685 MedCtrOC.log
2007-07-08 18:36 27,959 tabletoc.log
2007-07-08 18:36 307,505 ocgen.log
2007-07-08 18:36 1,621,064 FaxSetup.log
2007-07-08 18:36 172,390 msmqinst.log
2007-07-08 15:01 38 AviSplitter.INI
212 Datei(en) 1,118,188,091 Bytes
0 Verzeichnis(se), 24,592,941,056 Bytes frei

. . .

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C464-1DE1

Verzeichnis von C:\WINDOWS\temp

2007-10-10 20:37 43,337 $_2341234.TMP
2007-10-10 20:37 4 $_2341233.TMP
2007-10-10 20:36 16,384 Perflib_Perfdata_494.dat
2007-10-10 11:59 0 $b17a2e8.tmp
4 Datei(en) 59,725 Bytes
0 Verzeichnis(se), 24,592,941,056 Bytes frei

. . .

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C464-1DE1

Verzeichnis von C:\WINDOWS\Downloaded Program Files

2007-05-07 16:39 254,360 fscax.dll
2007-05-07 16:39 192,920 fsauc.dll
2007-05-07 16:38 500,120 daas_s.dll
11 Datei(en) 1,505,721 Bytes
0 Verzeichnis(se), 24,592,941,056 Bytes frei

. . .