Multiple browser processes (FF or IE) cause a shutdown problem

31.10.2005, 01:00
...new here

Posts: 10
#1 Hello,

I've been struggling with the following problem for some time now:

Something starts my current browser (first Firefox 1.07,
now, after a complete uninstall, temporarily IE again)
when the computer boots, so that after opening the program
I have two identical processes running.
(Listed in Task Manager: 2x firefox.exe, or now 2x iexplore.exe.)
After closing the browser, one of them keeps running and produces
an error message at shutdown: (Programm beenden: TRd ww: C:/Progra... -> Sofort beenden)

Scans completed:

Ad-Aware: negative
Spybot: negative
Kaspersky: negative
a-squared: negative

Current HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 00:47:33, on 31.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\activePDF\Composer\APClient.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KAVPersonal50] D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [APCOMPOSERClient] D:\Programme\activePDF\Composer\APClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117043091892
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Thanks for any suggestions!


Kosmograph
This post was edited on 31.10.2005 at 10:16 by kosmograph.
31.10.2005, 11:25
Moderator

Posts: 7805
#2 Please try Blacklight http://www.f-secure.com/blacklight/try.shtml

Download it, unpack it into a separate folder, start it, and choose the following: first "I accept the agreement", then "scan"; wait until it has checked the computer, then "next" and "exit". There is now a TXT file in the folder where Blacklight is located; please post it here.

Let's see whether it can find anything.
__________
Regards, Ralf
SEO-Spam Hunter
31.10.2005, 11:51
...new here

Thread starter

Posts: 10
#3 Result: (0 items found)



10/31/05 11:45:46 [Info]: BlackLight Engine 1.0.24 initialized
10/31/05 11:45:46 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/31/05 11:45:46 [Note]: 4019 4
10/31/05 11:45:46 [Note]: 4005 0
10/31/05 11:45:49 [Note]: 4006 0
10/31/05 11:45:49 [Note]: 4011 1144
10/31/05 11:45:49 [Note]: FSRAW library version 1.7.1013
10/31/05 11:46:54 [Note]: 4007 0
Current HijackThis log file (after Windows Update):

Logfile of HijackThis v1.99.1
Scan saved at 11:49:37, on 31.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\activePDF\Composer\APClient.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KAVPersonal50] D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [APCOMPOSERClient] D:\Programme\activePDF\Composer\APClient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Thanks!
31.10.2005, 12:51
Moderator

Posts: 7805
#4 Good, or rather bad! ;) Let's take the next step: use WinPFind http://virus-protect.org/winpfind.html and post the complete result of the scan here. The scan can take a while, so don't be surprised.

You can also create a file list with the help of datfind: http://virus-protect.org/datfindbat.html It's best to pack the result (the three files) with WinRAR or WinZip and send it to the email address given below.
__________
Regards, Ralf
SEO-Spam Hunter
31.10.2005, 13:09
...new here

Thread starter

Posts: 10
#5 Thanks for the prompt replies....

Here is the result:



WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 27.10.2005 15:06:52 16232461 C:\WINDOWS\lpt$vpn.917
qoologic 27.10.2005 15:06:52 16232461 C:\WINDOWS\lpt$vpn.917
SAHAgent 27.10.2005 15:06:52 16232461 C:\WINDOWS\lpt$vpn.917
UPX! 03.05.2005 11:44:44 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 10.01.2005 16:17:24 170053 C:\WINDOWS\tsc.exe
PECompact2 27.10.2005 15:06:52 16232461 C:\WINDOWS\VPTNFILE.917
qoologic 27.10.2005 15:06:52 16232461 C:\WINDOWS\VPTNFILE.917
SAHAgent 27.10.2005 15:06:52 16232461 C:\WINDOWS\VPTNFILE.917
UPX! 18.02.2005 18:40:14 1044560 C:\WINDOWS\vsapi32.dll
aspack 18.02.2005 18:40:14 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 18.08.2001 13:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 29.08.2005 13:27:12 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 05.10.2005 09:36:08 2301792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05.10.2005 09:36:08 2301792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 08:57:08 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 08:57:32 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 18.08.2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 04.08.2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
31.10.2005 11:44:34 S 2048 C:\WINDOWS\bootstat.dat
01.09.2005 15:50:44 HS 5 C:\WINDOWS\system32\AuxDrv32ds_k.ods
05.10.2005 02:17:32 S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28.09.2005 11:53:22 S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
09.09.2005 19:14:58 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
31.10.2005 11:46:02 H 1024 C:\WINDOWS\system32\config\default.LOG
31.10.2005 11:07:34 H 0 C:\WINDOWS\system32\config\default_TU_21082.LOG
31.10.2005 11:44:36 H 1024 C:\WINDOWS\system32\config\SAM.LOG
31.10.2005 11:07:34 H 0 C:\WINDOWS\system32\config\SAM_TU_95417.LOG
31.10.2005 11:54:44 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
31.10.2005 11:07:34 H 0 C:\WINDOWS\system32\config\SECURITY_TU_96007.LOG
31.10.2005 12:59:04 H 1024 C:\WINDOWS\system32\config\software.LOG
31.10.2005 11:07:34 H 0 C:\WINDOWS\system32\config\software_TU_15633.LOG
31.10.2005 12:37:08 H 1024 C:\WINDOWS\system32\config\system.LOG
31.10.2005 11:07:34 H 0 C:\WINDOWS\system32\config\system_TU_74335.LOG
31.10.2005 11:37:06 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
31.10.2005 11:44:36 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04.08.2004 08:58:22 70656 C:\WINDOWS\SYSTEM32\access.cpl
activePDF, Inc. 10.07.2003 08:38:42 622592 C:\WINDOWS\SYSTEM32\APCOMPOSER.cpl
Microsoft Corporation 04.08.2004 08:58:22 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 08:58:22 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 08:58:22 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 08:58:22 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 08:58:22 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04.08.2004 08:58:22 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 08:58:22 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 08:58:22 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 08:58:22 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 04.03.2005 02:36:44 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 08:58:22 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 08:58:22 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 08:58:22 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10.02.2003 08:27:00 139264 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 04.08.2004 08:58:22 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 08:58:22 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 04.08.2004 08:58:22 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 08:58:22 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 08:58:22 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 03:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
NVIDIA Corporation 10.02.2003 08:27:00 R 139264 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
25.05.2005 23:38:00 1942 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
25.05.2005 17:50:02 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
25.05.2005 18:13:12 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
25.05.2005 17:50:02 HS 84 C:\Dokumente und Einstellungen\LXHSS\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
25.05.2005 18:13:12 HS 62 C:\Dokumente und Einstellungen\LXHSS\Anwendungsdaten\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "D:\Programme\TuneUp Utilities 2006\sdshelex.dll"
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\a2ContMenu
{AB77609F-2178-4E6F-9C4B-44AC179D937A} = D:\PROGRA~1\A2FREE~1\A2CONT~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "D:\Programme\TuneUp Utilities 2006\sdshelex.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
nwiz nwiz.exe /installquiet
KAVPersonal50 D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
APCOMPOSERClient D:\Programme\activePDF\Composer\APClient.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LXSUPMON
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LXSUPMON
hkey HKLM
command C:\WINDOWS\system32\LXSUPMON.EXE RUN
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LXSUPMON
hkey HKLM
command C:\WINDOWS\system32\LXSUPMON.EXE RUN
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TeaTimer
hkey HKCU
command D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TeaTimer
hkey HKCU
command D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 31.10.2005 13:03:56
I have emailed the DatFind result archive.

I also ran FPort in addition;
for the two iexplore.exe processes it gives:


PID 508 iexplore -> 1363 TCP C:/Programme Internet Explorer/iexplore.exe

PID 508 iexplore -> 1032 UDP C:/Programme Internet Explorer/iexplore.exe
Regards,
Kosmograph
This post was edited on 31.10.2005 at 13:28 by kosmograph.
31.10.2005, 14:12
Moderator

Posts: 7805
#6 Hm, I still don't really see anything malicious, but we can test a few other things.
First start HijackThis and go to "Open the misc tools section" / "Open process manager", tick "Show DLLs", then click the first C:\Programme\Internet Explorer\iexplore.exe task/process (if 2 entries are still visible with the browser closed), press "Copy list to clipboard" (the 2nd icon next to "Show DLLs"), paste the result into a reply, and do the same again with the other IExplorer process.

Download TCPView http://www.sysinternals.com/Utilities/TcpView.html , start it and save the result to a file, and post its contents here as well.
__________
Regards, Ralf
SEO-Spam Hunter
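As an added example that is not part of this thread (and not code from HijackThis), a small Python triage helper for the process-manager dump the steps above produce: it parses the process and DLL tables, flags modules with a third-party vendor string or a path outside C:\WINDOWS, and diffs the DLL sets of two dumps, which is the comparison the two iexplore.exe lists call for. The sample dumps, the Microsoft vendor string used as the "trusted" filter and the C:\WINDOWS location are assumptions made for this example.

```python
"""Triage helper for HijackThis 1.99 process-manager dumps (added example, not
code from this thread or from HijackThis). Parses the "[pid] [full path to
filename] [file version] [company name]" and "DLLs loaded by process" tables,
flags third-party modules, and diffs the DLL sets of two dumps."""
import re
from dataclasses import dataclass

# Assumption: the vendor string is taken at face value. It comes from the
# file's version resource, not a verified signature: a triage filter, not proof.
TRUSTED_COMPANY = "Microsoft Corporation"


@dataclass
class Module:
    path: str
    version: str
    company: str


# Row: "<pid> <path> <version> <company>" (pid only in the process table). Paths
# may contain spaces, so the first whitespace-delimited dotted version number is
# the anchor; "_6.0.2600.2180_" inside a WinSxS directory name has no space before it.
_ROW = re.compile(
    r"^(?:(?P<pid>\d+)\s+)?(?P<path>\S.*?)\s+(?P<version>\d+(?:\.\d+)+)\s*(?P<company>.*)$"
)


def parse_dump(text: str) -> tuple[dict[int, Module], list[Module]]:
    """Return ({pid: Module}, [dll Module, ...]) for one clipboard dump."""
    processes: dict[int, Module] = {}
    dlls: list[Module] = []
    section, last = None, None      # no table seen yet; previous parsed row
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[pid]") or line.startswith("DLLs loaded by process"):
            section = "proc" if line.startswith("[pid]") else "dll"
            continue
        if not line or section is None or line.startswith("[full path"):
            continue
        m = _ROW.match(line)
        if m is None:
            # Wrapped row: a bare company name on its own line belongs to the
            # previous row (the rasadhlp.dll row in this thread wraps like that).
            if last is not None and not last.company and "\\" not in line:
                last.company = line
            continue
        mod = Module(m["path"], m["version"], m["company"].strip())
        if section == "proc" and m["pid"] is not None:
            processes[int(m["pid"])] = mod
        elif section == "dll":
            dlls.append(mod)
        last = mod
    return processes, dlls


def suspicious(modules: list[Module], windir: str = r"C:\WINDOWS") -> list[Module]:
    """Third-party vendor string, or loaded from outside the Windows directory
    (assumed to be C:\\WINDOWS, as it is on the machine in this thread)."""
    prefix = windir.lower() + "\\"
    return [m for m in modules
            if m.company != TRUSTED_COMPANY or not m.path.lower().startswith(prefix)]


def dll_diff(a: list[Module], b: list[Module]) -> tuple[list[str], list[str]]:
    """Paths present in only one of two DLL lists (case-insensitive), sorted."""
    pa = {m.path.lower() for m in a}
    pb = {m.path.lower() for m in b}
    return sorted(pa - pb), sorted(pb - pa)


# Constructed sample dumps in the tool's format: a few rows in the shape of the
# two lists posted in this thread (orphaned vs. user-started iexplore.exe).
DUMP_HIDDEN = r"""
Process list saved on 14:35:34, on 31.10.2005
[pid] [full path to filename] [file version] [company name]
508 C:\Programme\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
DLLs loaded by process C:\Programme\Internet Explorer\iexplore.exe:
[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WININET.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\DrvTrNTm.dll 5.2.0.1 High Criteria inc.
C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2180
Microsoft Corporation
"""

DUMP_VISIBLE = r"""
[pid] [full path to filename] [file version] [company name]
1476 C:\Programme\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
DLLs loaded by process C:\Programme\Internet Explorer\iexplore.exe:
[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WININET.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\BROWSEUI.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\System32\mshtml.dll 6.0.2900.2769 Microsoft Corporation
C:\WINDOWS\system32\DrvTrNTm.dll 5.2.0.1 High Criteria inc.
"""
```

Running `dll_diff(parse_dump(DUMP_HIDDEN)[1], parse_dump(DUMP_VISIBLE)[1])` shows which modules only the orphaned process loaded, and `suspicious(...)` narrows each list to the entries worth looking up by hand.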
31.10.2005, 14:55
...new here

Thread starter

Posts: 10
#7 HijackThis process manager result for the iexplore.exe process
that is started before the browser is opened
and remains after it is closed:



Process list saved on 14:35:34, on 31.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
440 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
528 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
572 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
584 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
724 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
832 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1144 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
1200 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
1352 C:\WINDOWS\System32\oodag.exe 6.5.851.0 O&O Software GmbH
1388 C:\WINDOWS\system32\PDFCreatorMessages.exe 3.1.0.0 Global Graphics Software Ltd
1480 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1960 D:\Programme\activePDF\Composer\APClient.exe 3.21.0.1682 activePDF, Inc.
508 C:\Programme\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
1152 C:\WINDOWS\system32\ntvdm.exe 5.1.2600.2180 Microsoft Corporation
124 D:\Programme\Hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


DLLs loaded by process C:\Programme\Internet Explorer\iexplore.exe:

[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 Microsoft Corporation
C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SHLWAPI.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SHDOCVW.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 Microsoft Corporation
C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WININET.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\SHELL32.dll 6.0.2900.2763 Microsoft Corporation
C:\WINDOWS\system32\comctl32.dll 5.82.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\WSOCK32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\DrvTrNTm.dll 5.2.0.1 High Criteria inc.
C:\WINDOWS\system32\DrvTrNTl.dll 5.2.0.1 High Criteria inc.
C:\WINDOWS\system32\MSVFW32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\System32\winrnr.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2180 Microsoft Corporation
HijackThis process manager result for the second iexplore.exe process,
which is started when the browser is opened and is no longer running
after it is closed:


Process list saved on 14:37:51, on 31.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
440 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
528 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
572 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
584 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
724 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
832 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1144 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
1200 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
1352 C:\WINDOWS\System32\oodag.exe 6.5.851.0 O&O Software GmbH
1388 C:\WINDOWS\system32\PDFCreatorMessages.exe 3.1.0.0 Global Graphics Software Ltd
1480 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1960 D:\Programme\activePDF\Composer\APClient.exe 3.21.0.1682 activePDF, Inc.
508 C:\Programme\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
1152 C:\WINDOWS\system32\ntvdm.exe 5.1.2600.2180 Microsoft Corporation
1832 C:\WINDOWS\system32\NOTEPAD.EXE 5.1.2600.2180 Microsoft Corporation
1476 C:\Programme\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
1136 D:\Programme\Hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


DLLs loaded by process C:\Programme\Internet Explorer\iexplore.exe:

[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 Microsoft Corporation
C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SHLWAPI.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SHDOCVW.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 Microsoft Corporation
C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WININET.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\SHELL32.dll 6.0.2900.2763 Microsoft Corporation
C:\WINDOWS\system32\comctl32.dll 5.82.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\BROWSEUI.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\system32\browselc.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308 Microsoft Corporation
C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258 Microsoft Corporation
C:\WINDOWS\system32\UxTheme.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\urlmon.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SXS.DLL 5.1.2600.2180 Microsoft Corporation
c:\windows\srchasst\srchui.dll 1.0.0.5325 Microsoft Corporation
C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 Microsoft Corporation
C:\WINDOWS\system32\MSVCP60.dll 6.2.3104.0 Microsoft Corporation
C:\WINDOWS\system32\msi.dll 3.1.4000.2435 Microsoft Corporation
C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\srchasst\srchctls.dll 1.0.0.5325 Microsoft Corporation
C:\WINDOWS\system32\DrvTrNTm.dll 5.2.0.1 High Criteria inc.
C:\WINDOWS\system32\DrvTrNTl.dll 5.2.0.1 High Criteria inc.
C:\WINDOWS\System32\mshtml.dll 6.0.2900.2769 Microsoft Corporation
C:\WINDOWS\System32\msls31.dll 3.10.349.0 Microsoft Corporation
C:\WINDOWS\system32\shdoclc.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\MLANG.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\wsock32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\System32\msimtf.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\System32\MSCTF.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 Microsoft Corporation
D:\Programme\Microsoft Office\OFFICE11\msohev.dll 11.0.5510.0 Microsoft Corporation
C:\WINDOWS\system32\RASAPI32.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2180 Microsoft Corporation
D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll 1.0.142.342 Kaspersky Lab
C:\WINDOWS\System32\jscript.dll 5.6.0.8820 Microsoft Corporation
D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll 1.0.142.3 Kaspersky Lab
D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll 5.0.0.0 Kaspersky Lab
D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll 5.0.142.0 Kaspersky Lab
C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\System32\mshtmled.dll 6.0.2900.2753 Microsoft Corporation
C:\WINDOWS\system32\ImgUtil.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\System32\pngfilt.dll 6.0.2900.2753 Microsoft Corporation
With TCPVIEW I get different results over time, both with the
browser closed and open:


e.g.

Quote

alg.exe:1924 TCP lxhss-li7ghf1sc:1025 lxhss-li7ghf1sc:0 LISTENING
iexplore.exe:508 TCP lxhss-li7ghf1sc.chello.at:2328 221.235.36.164:1088 SYN_SENT
iexplore.exe:996 UDP lxhss-li7ghf1sc:2322 *:*
kavsvc.exe:1328 TCP lxhss-li7ghf1sc:1110 lxhss-li7ghf1sc:0 LISTENING
kavsvc.exe:1328 TCP lxhss-li7ghf1sc:1125 lxhss-li7ghf1sc:0 LISTENING
lsass.exe:584 UDP lxhss-li7ghf1sc:isakmp *:*
lsass.exe:584 UDP lxhss-li7ghf1sc:4500 *:*
oodag.exe:1352 TCP lxhss-li7ghf1sc:50300 lxhss-li7ghf1sc:0 LISTENING
svchost.exe:792 TCP lxhss-li7ghf1sc:epmap lxhss-li7ghf1sc:0 LISTENING
svchost.exe:832 UDP lxhss-li7ghf1sc:ntp *:*
svchost.exe:832 UDP lxhss-li7ghf1sc.chello.at:ntp *:*
svchost.exe:892 UDP lxhss-li7ghf1sc:1155 *:*
svchost.exe:892 UDP lxhss-li7ghf1sc:1154 *:*
svchost.exe:892 UDP lxhss-li7ghf1sc:1026 *:*
System:4 TCP lxhss-li7ghf1sc:microsoft-ds lxhss-li7ghf1sc:0 LISTENING
System:4 TCP lxhss-li7ghf1sc.chello.at:netbios-ssn lxhss-li7ghf1sc:0 LISTENING
System:4 UDP lxhss-li7ghf1sc:microsoft-ds *:*
System:4 UDP lxhss-li7ghf1sc.chello.at:netbios-ns *:*
System:4 UDP lxhss-li7ghf1sc.chello.at:netbios-dgm *:*
as well as:


Quote

alg.exe:1924 TCP lxhss-li7ghf1sc:1025 lxhss-li7ghf1sc:0 LISTENING
iexplore.exe:508 TCP lxhss-li7ghf1sc.chello.at:2331 221.235.36.164:1088 SYN_SENT
kavsvc.exe:1328 TCP lxhss-li7ghf1sc:1110 lxhss-li7ghf1sc:0 LISTENING
kavsvc.exe:1328 TCP lxhss-li7ghf1sc:1125 lxhss-li7ghf1sc:0 LISTENING
lsass.exe:584 UDP lxhss-li7ghf1sc:isakmp *:*
lsass.exe:584 UDP lxhss-li7ghf1sc:4500 *:*
oodag.exe:1352 TCP lxhss-li7ghf1sc:50300 lxhss-li7ghf1sc:0 LISTENING
svchost.exe:792 TCP lxhss-li7ghf1sc:epmap lxhss-li7ghf1sc:0 LISTENING
svchost.exe:832 UDP lxhss-li7ghf1sc:ntp *:*
svchost.exe:832 UDP lxhss-li7ghf1sc.chello.at:ntp *:*
svchost.exe:892 UDP lxhss-li7ghf1sc:1155 *:*
svchost.exe:892 UDP lxhss-li7ghf1sc:1154 *:*
svchost.exe:892 UDP lxhss-li7ghf1sc:1026 *:*
System:4 TCP lxhss-li7ghf1sc:microsoft-ds lxhss-li7ghf1sc:0 LISTENING
System:4 TCP lxhss-li7ghf1sc.chello.at:netbios-ssn lxhss-li7ghf1sc:0 LISTENING
System:4 UDP lxhss-li7ghf1sc:microsoft-ds *:*
System:4 UDP lxhss-li7ghf1sc.chello.at:netbios-ns *:*
System:4 UDP lxhss-li7ghf1sc.chello.at:netbios-dgm *:*
or:

Quote

alg.exe:1924 TCP lxhss-li7ghf1sc:1025 lxhss-li7ghf1sc:0 LISTENING
iexplore.exe:1252 TCP lxhss-li7ghf1sc.chello.at:2336 a213-93-127-139.deploy.akamaitechnologies.com:http ESTABLISHED
iexplore.exe:1252 UDP lxhss-li7ghf1sc:2335 *:*
iexplore.exe:508 TCP lxhss-li7ghf1sc.chello.at:2343 221.235.36.164:1088 SYN_SENT
kavsvc.exe:1328 TCP lxhss-li7ghf1sc:1110 lxhss-li7ghf1sc:0 LISTENING
kavsvc.exe:1328 TCP lxhss-li7ghf1sc:1125 lxhss-li7ghf1sc:0 LISTENING
lsass.exe:584 UDP lxhss-li7ghf1sc:isakmp *:*
lsass.exe:584 UDP lxhss-li7ghf1sc:4500 *:*
oodag.exe:1352 TCP lxhss-li7ghf1sc:50300 lxhss-li7ghf1sc:0 LISTENING
svchost.exe:792 TCP lxhss-li7ghf1sc:epmap lxhss-li7ghf1sc:0 LISTENING
svchost.exe:832 UDP lxhss-li7ghf1sc:ntp *:*
svchost.exe:832 UDP lxhss-li7ghf1sc.chello.at:ntp *:*
svchost.exe:892 UDP lxhss-li7ghf1sc:1155 *:*
svchost.exe:892 UDP lxhss-li7ghf1sc:1026 *:*
svchost.exe:892 UDP lxhss-li7ghf1sc:1154 *:*
System:4 TCP lxhss-li7ghf1sc:microsoft-ds lxhss-li7ghf1sc:0 LISTENING
System:4 TCP lxhss-li7ghf1sc.chello.at:netbios-ssn lxhss-li7ghf1sc:0 LISTENING
System:4 UDP lxhss-li7ghf1sc:microsoft-ds *:*
System:4 UDP lxhss-li7ghf1sc.chello.at:netbios-ns *:*
System:4 UDP lxhss-li7ghf1sc.chello.at:netbios-dgm *:*
Thanks!
This post was edited on 31.10.2005 at 15:39 by kosmograph.
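All three TCPView snapshots in the post above share one row: iexplore.exe with PID 508 in SYN_SENT towards a literal IP address on port 1088, with a new source port (2328, 2331, 2343) each time. The script below is an added example, not part of the thread and not TCPView's own code; it parses TCPView's text rows and reports browser connections to literal IPs on non-web ports that never get past SYN_SENT across snapshots. The snapshots are constructed from rows quoted above (abridged), and the browser and web-port lists are assumptions for the illustration.

```python
"""Triage TCPView text snapshots for a browser that keeps trying to reach
the same raw IP on an odd port (added example; not from the thread)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three TCPView snapshots, abridged from the rows
# quoted in the post above. Host names are as TCPView prints them.
SNAPSHOTS = [
    """alg.exe:1924 TCP lxhss-li7ghf1sc:1025 lxhss-li7ghf1sc:0 LISTENING
iexplore.exe:508 TCP lxhss-li7ghf1sc.chello.at:2328 221.235.36.164:1088 SYN_SENT
iexplore.exe:996 UDP lxhss-li7ghf1sc:2322 *:*
svchost.exe:832 UDP lxhss-li7ghf1sc:ntp *:*""",
    """iexplore.exe:508 TCP lxhss-li7ghf1sc.chello.at:2331 221.235.36.164:1088 SYN_SENT
System:4 TCP lxhss-li7ghf1sc:microsoft-ds lxhss-li7ghf1sc:0 LISTENING""",
    """iexplore.exe:1252 TCP lxhss-li7ghf1sc.chello.at:2336 a213-93-127-139.deploy.akamaitechnologies.com:http ESTABLISHED
iexplore.exe:508 TCP lxhss-li7ghf1sc.chello.at:2343 221.235.36.164:1088 SYN_SENT""",
]

# Assumptions for the illustration: which processes count as browsers and
# which remote ports a browser is expected to talk to.
BROWSERS = {"iexplore.exe", "firefox.exe"}
WEB_PORTS = {"http", "https", "80", "443"}

# process:pid  proto  local  remote  [state]   (UDP rows carry no state)
LINE_RE = re.compile(
    r"^(?P<proc>\S+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?$"
)


def parse_line(line):
    """Split one TCPView row into its fields; None for rows that do not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["rhost"], _, rec["rport"] = rec["remote"].rpartition(":")
    rec["lport"] = rec["local"].rpartition(":")[2]
    return rec


def is_literal_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious(rec):
    """A browser talking TCP to a literal IP on a non-web port deserves a look."""
    return (rec["proc"].lower() in BROWSERS and rec["proto"] == "TCP"
            and is_literal_ip(rec["rhost"]) and rec["rport"] not in WEB_PORTS)


def triage(snapshots):
    """Collect suspicious endpoints across snapshots, keyed by
    (process, pid, remote host, remote port)."""
    hits = defaultdict(lambda: {"seen": 0, "states": [], "local_ports": []})
    for text in snapshots:
        for line in text.splitlines():
            rec = parse_line(line)
            if rec and suspicious(rec):
                h = hits[(rec["proc"], rec["pid"], rec["rhost"], rec["rport"])]
                h["seen"] += 1
                h["states"].append(rec["state"])
                h["local_ports"].append(rec["lport"])
    return dict(hits)


def persistent_beacons(snapshots, min_seen=2):
    """Endpoints flagged in at least min_seen snapshots that never got past
    SYN_SENT: the process keeps redialling a remote that does not answer,
    burning a new source port each time."""
    return sorted(
        key for key, h in triage(snapshots).items()
        if h["seen"] >= min_seen and all(s == "SYN_SENT" for s in h["states"])
    )


if __name__ == "__main__":
    for key, h in triage(SNAPSHOTS).items():
        print(key, "seen", h["seen"], "states", h["states"], "src ports", h["local_ports"])
    print("persistent:", persistent_beacons(SNAPSHOTS))
```

The Akamai row is parsed but not flagged (host name rather than literal IP, port http), while the repeated SYN_SENT row to 221.235.36.164:1088 from PID 508 is the single persistent hit; the rising source ports in `local_ports` show three separate connection attempts, not one long-lived socket.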
31.10.2005, 15:56
Moderator

Posts: 7805
#8 This IP makes me a bit suspicious: 221.235.36.164

BTW: Are you using the latest version of Kaspersky 5? They are probably at 5.0.388 by now?

If you feel like it, please download this: http://invisiblethings.org/tools/svv-1.0-public.zip

extract it to c:\ , go to Start/Run, type
cmd there and press the Enter key,

a DOS box opens; then please
type cd\ and press Enter
type svv /check >test.txt and press Enter
type start test.txt and press Enter once more. Now Notepad should open; please copy its whole content here.

after that, please everything
__________
Regards, Ralf
SEO-Spam Hunter
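The procedure above produces a plain-text report, and the posts that follow show what svv prints in /m (details) mode: per-module blocks listing each modified address, the on-disk versus in-memory bytes, the module that a jmp or service-table entry points into, and a verdict. The parser below is an added example, not part of the thread and not svv's own code; it reads that block format (sample constructed from the ntoskrnl.exe and kernel32.dll blocks posted later in the thread, abridged), checks each byte dump against the declared size, decodes E9 near-jmps to verify the reported target independently, and lists the modifications that could not be attributed to a known driver. The allow-list containing klif.sys (Kaspersky's file-system filter driver) is an assumption for this illustration.

```python
"""Parse svv's /m detail blocks and summarise where each in-memory
modification points (added example; not from the thread or from svv)."""
import re
from collections import Counter

# Constructed sample, copied from the ntoskrnl.exe and kernel32.dll detail
# blocks posted later in this thread (abridged to four entries).
SVV_DETAILS = """\
ntoskrnl.exe (804d7000 - 806eba00)... module ntoskrnl.exe [0x804d7000 - 0x806eba00]:
0x804db03d [RtlPrefetchMemoryNonTemporal()+0] 1 byte(s): exclusion filter: single byte modification
file :c3
memory :90
verdict = 1

0x804db92e 7 byte(s): JMPing code (jmp to: 0xf6d93663)
address 0xf6d93663 is inside klif.sys module [0xf6d7d000-0xf6da6000]
target module path: \\SystemRoot\\System32\\drivers\\klif.sys
file :83 bb 94 09 00 00 00
memory :e9 35 7d 8b 76 90 90
verdict = 2

0x804e2a38 [KiServiceTable[228]] 4 byte(s): KiServiceTable HOOK:
address 0xf6d93530 is inside klif.sys module [0xf6d7d000-0xf6da6000]
target module path: \\SystemRoot\\System32\\drivers\\klif.sys
file :05 bd 56 80
memory :30 35 d9 f6
verdict = 2

module ntoskrnl.exe: end of details
kernel32.dll (7c800000 - 7c906000)... module kernel32.dll [0x7c800000 - 0x7c906000]:
0x7c802f58 15 byte(s): Inside EAT
file :77 1d 00 00 4f 1d 00 00 f1 1a 00 00 d3 ac 00
memory :c4 2f 08 00 d3 2f 08 00 f1 2f 08 00 e2 2f 08
verdict = 2

module kernel32.dll: end of details
"""

# Assumption for this illustration: drivers whose hooks are expected on this
# box. klif.sys is Kaspersky's file-system filter driver.
KNOWN_SECURITY_DRIVERS = {"klif.sys"}

HEX = r"[0-9a-fA-F]+"
MODULE_START = re.compile(rf"module (\S+) \[0x({HEX}) - 0x({HEX})\]:$")
ENTRY_START = re.compile(rf"^0x({HEX})(?: \[(.*?)\])? (\d+) byte\(s\): (.*)$")
TARGET = re.compile(rf"^address 0x({HEX}) is inside (\S+) module \[0x({HEX})-0x({HEX})\]$")


def parse_svv_details(text):
    """Return one dict per modification entry, in report order."""
    entries, module, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = MODULE_START.search(line)   # progress text may precede it on the same line
        if m:
            module = m.group(1)
            continue
        m = ENTRY_START.match(line)
        if m:
            cur = {"module": module, "address": int(m.group(1), 16),
                   "symbol": m.group(2), "size": int(m.group(3)),
                   "kind": m.group(4).rstrip(":"), "target": None,
                   "target_module": None, "target_range": None,
                   "target_path": None, "file": b"", "memory": b"", "verdict": None}
            continue
        if cur is None:
            continue
        m = TARGET.match(line)
        if m:
            cur["target"] = int(m.group(1), 16)
            cur["target_module"] = m.group(2)
            cur["target_range"] = (int(m.group(3), 16), int(m.group(4), 16))
        elif line.startswith("target module path:"):
            cur["target_path"] = line.split(":", 1)[1].strip()
        elif line.startswith("file :"):
            cur["file"] = bytes.fromhex(line[len("file :"):])
        elif line.startswith("memory :"):
            cur["memory"] = bytes.fromhex(line[len("memory :"):])
        elif line.startswith("verdict ="):
            cur["verdict"] = int(line.split("=", 1)[1])
            entries.append(cur)
            cur = None
    return entries


def consistent(entry):
    """Both byte dumps must have exactly the declared length."""
    return len(entry["file"]) == len(entry["memory"]) == entry["size"]


def decode_jmp_rel32(entry):
    """If the in-memory bytes start with an E9 near jmp, return its x86 target
    (address of the next instruction plus signed rel32), else None. This checks
    svv's 'jmp to' figure without trusting it."""
    mem = entry["memory"]
    if len(mem) < 5 or mem[0] != 0xE9:
        return None
    rel = int.from_bytes(mem[1:5], "little", signed=True)
    return (entry["address"] + 5 + rel) & 0xFFFFFFFF


def in_target_range(entry, addr):
    lo, hi = entry["target_range"] or (0, 0)
    return lo <= addr < hi


def summarise(entries):
    """Count entries per (verdict, target module) and return those that svv
    rated 2 or higher but that point into no known driver. That list is a
    manual-review queue, not a malware verdict."""
    by_target = Counter((e["verdict"], e["target_module"]) for e in entries)
    review = [e for e in entries
              if e["verdict"] >= 2 and e["target_module"] not in KNOWN_SECURITY_DRIVERS]
    return by_target, review


if __name__ == "__main__":
    ents = parse_svv_details(SVV_DETAILS)
    for e in ents:
        print(hex(e["address"]), e["module"], e["kind"], "->", e["target_module"],
              "verdict", e["verdict"], "jmp target", decode_jmp_rel32(e))
    print(summarise(ents))
```

Two things the parser makes visible that the raw dump does not: decoding the E9 bytes at 0x804db92e with x86 semantics gives 0xf6d93668, five bytes (the instruction's own length) past the 0xf6d93663 that svv prints, and both addresses lie inside the klif.sys range, so the attribution to the Kaspersky driver holds either way; and the kernel32.dll EAT entry carries no target module, so it stays on the review list even though svv's overall result for this run is "Nothing suspected was detected".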
31.10.2005, 16:13
...new here

Thread starter

Posts: 10
#9 svv check >test.txt gives:

Quote

WARNING: Service Table redirection detected
origKiServiceTbl: 0x804e26a8 - 0x804e2ba8
currKiServiceTbl: 0x81fb2b58 - 0x81fb2ffc

verifying module: [ ntoskrnl.exe] 0%... -
verifying module: [ hal.dll] 1%... \
verifying module: [ KDCOM.DLL] 2%... |
verifying module: [ BOOTVID.dll] 2%... /
verifying module: [ ACPI.sys] 3%... -
verifying module: [ WMILIB.SYS] 4%... \
verifying module: [ pci.sys] 5%... |
verifying module: [ isapnp.sys] 5%... /
verifying module: [ ohci1394.sys] 6%... -
verifying module: [ 1394BUS.SYS] 7%... \
verifying module: [ compbatt.sys] 7%... |
verifying module: [ BATTC.SYS] 8%... /
verifying module: [ intelide.sys] 9%... -
verifying module: [ PCIIDEX.SYS] 10%... \
verifying module: [ pcmcia.sys] 10%... |
verifying module: [ MountMgr.sys] 11%... /
verifying module: [ ftdisk.sys] 12%... -
verifying module: [ PartMgr.sys] 13%... \
verifying module: [ VolSnap.sys] 13%... |
verifying module: [ atapi.sys] 14%... /
verifying module: [ disk.sys] 15%... -
verifying module: [ CLASSPNP.SYS] 15%... \
verifying module: [ fltmgr.sys] 16%... |
verifying module: [ sr.sys] 17%... /
verifying module: [ KSecDD.sys] 18%... -
verifying module: [ Ntfs.sys] 18%... \
verifying module: [ NDIS.sys] 19%... |
verifying module: [ Mup.sys] 20%... /
verifying module: [ agp440.sys] 21%... -
verifying module: [ nic1394.sys] 21%... \
verifying module: [ intelppm.sys] 22%... |
verifying module: [ CmBatt.sys] 23%... /
verifying module: [ nv4_mini.sys] 23%... -
verifying module: [ VIDEOPRT.SYS] 24%... \
verifying module: [ usbuhci.sys] 25%... |
verifying module: [ USBPORT.SYS] 26%... /
verifying module: [ el90xbc5.sys] 26%... -
verifying module: [ i8042prt.sys] 27%... \
verifying module: [ mouclass.sys] 28%... |
verifying module: [ kbdclass.sys] 28%... /
verifying module: [ fdc.sys] 29%... -
verifying module: [ serial.sys] 30%... \
verifying module: [ serenum.sys] 31%... |
verifying module: [ parport.sys] 31%... /
verifying module: [ Imapi.SYS] 32%... -
verifying module: [ pfc.sys] 33%... \
verifying module: [ cdrom.sys] 34%... |
verifying module: [ redbook.sys] 34%... /
verifying module: [ ks.sys] 35%... -
verifying module: [ ac97intc.sys] 36%... \
verifying module: [ portcls.sys] 36%... |
verifying module: [ drmk.sys] 37%... /
verifying module: [ Ich.sys] 38%... -
verifying module: [ SOAR.SYS] 39%... \
verifying module: [ rksample.sys] 39%... |
verifying module: [ HSF_CNXT.sys] 40%... /
verifying module: [ AmosNt.SYS] 41%... -
verifying module: [ Modem.SYS] 42%... \
verifying module: [ EPPSCAN.sys] 42%... |
verifying module: [ audstub.sys] 43%... /
verifying module: [ rasl2tp.sys] 44%... -
verifying module: [ ndistapi.sys] 44%... \
verifying module: [ ndiswan.sys] 45%... |
verifying module: [ raspppoe.sys] 46%... /
verifying module: [ raspptp.sys] 47%... -
verifying module: [ TDI.SYS] 47%... \
verifying module: [ psched.sys] 48%... |
verifying module: [ msgpc.sys] 49%... /
verifying module: [ ptilink.sys] 50%... -
verifying module: [ raspti.sys] 50%... \
verifying module: [ termdd.sys] 51%... |
verifying module: [ swenum.sys] 52%... /
verifying module: [ update.sys] 52%... -
verifying module: [ mssmbios.sys] 53%... \
verifying module: [ NDProxy.SYS] 54%... |
verifying module: [ usbhub.sys] 55%... /
verifying module: [ USBD.SYS] 55%... -
verifying module: [ flpydisk.sys] 56%... \
verifying module: [ Fs_Rec.SYS] 57%... |
verifying module: [ Null.SYS] 57%... /
verifying module: [ Beep.SYS] 58%... -
verifying module: [ vga.sys] 59%... \
verifying module: [ mnmdd.SYS] 60%... |
verifying module: [ RDPCDD.sys] 60%... /
verifying module: [ Msfs.SYS] 61%... -
verifying module: [ Npfs.SYS] 62%... \
verifying module: [ rasacd.sys] 63%... |
verifying module: [ ipsec.sys] 63%... /
verifying module: [ tcpip.sys] 64%... -
verifying module: [ netbt.sys] 65%... \
verifying module: [ afd.sys] 65%... |
verifying module: [ netbios.sys] 66%... /
verifying module: [ rdbss.sys] 67%... -
verifying module: [ PQNTDrv.SYS] 68%... \
verifying module: [ mrxsmb.sys] 68%... |
verifying module: [ klmc.sys] 69%... /
verifying module: [ klif.sys] 70%... -
verifying module: [ Fips.SYS] 71%... \
verifying module: [ ipnat.sys] 71%... |
verifying module: [ wanarp.sys] 72%... /
verifying module: [ arp1394.sys] 73%... -
verifying module: [ Cdfs.SYS] 73%... \
verifying module: [ dump_atapi.sys] 74%... |
verifying module: [ dump_WMILIB.SYS] 75%... /
verifying module: [ win32k.sys] 76%... -
verifying module: [ Dxapi.sys] 76%... \
verifying module: [ watchdog.sys] 77%... |
verifying module: [ dxg.sys] 78%... /
verifying module: [ dxgthk.sys] 78%... -
verifying module: [ nv4_disp.dll] 79%... \
verifying module: [ ATMFD.DLL] 80%... |
verifying module: [ ndisuio.sys] 81%... /
verifying module: [ mrxdav.sys] 81%... -
verifying module: [ ParVdm.SYS] 82%... \
verifying module: [ cnxtdiag.sys] 83%... |
verifying module: [ fallback.sys] 84%... /
verifying module: [ fsksnt.sys] 84%... -
verifying module: [ k56nt.sys] 85%... \
verifying module: [ Fastfat.SYS] 86%... |
verifying module: [ srv.sys] 86%... /
verifying module: [ wdmaud.sys] 87%... -
verifying module: [ sysaudio.sys] 88%... \
verifying module: [ faxnt.sys] 89%... |
verifying module: [ tonesnt.sys] 89%... /
verifying module: [ v124nt.sys] 90%... -
verifying module: [ svv.sys] 91%... \
verifying module: [ ntdll.dll] 92%... |
verifying module: [ svv.exe] 92%... /
verifying module: [ ntdll.dll] 93%... -
verifying module: [ kernel32.dll] 94%... \
verifying module: [ PSAPI.DLL] 94%... |
verifying module: [ WS2_32.dll] 95%... /
verifying module: [ msvcrt.dll] 96%... -
verifying module: [ WS2HELP.dll] 97%... \
verifying module: [ ADVAPI32.dll] 97%... |
verifying module: [ RPCRT4.dll] 98%... /
verifying module: [ USER32.dll] 99%... -
verifying module: [ GDI32.dll] 100%... \

ntoskrnl.exe (804d7000 - 806eba00)... kernel32.dll (7c800000 - 7c906000)...
SYSTEM INFECTION LEVEL: 2
0 - BLUE
1 - GREEN
--> 2 - YELLOW
3 - ORANGE
4 - RED
5 - DEEPRED
Nothing suspected was detected.


svv check /a >test.txt gives:


Quote

WARNING: Service Table redirection detected
origKiServiceTbl: 0x804e26a8 - 0x804e2ba8
currKiServiceTbl: 0x81fb2b58 - 0x81fb2ffc

verifying module: [ ntoskrnl.exe] 0%... -
verifying module: [ hal.dll] 1%... \
verifying module: [ KDCOM.DLL] 2%... |
verifying module: [ BOOTVID.dll] 2%... /
verifying module: [ ACPI.sys] 3%... -
verifying module: [ WMILIB.SYS] 4%... \
verifying module: [ pci.sys] 5%... |
verifying module: [ isapnp.sys] 5%... /
verifying module: [ ohci1394.sys] 6%... -
verifying module: [ 1394BUS.SYS] 7%... \
verifying module: [ compbatt.sys] 7%... |
verifying module: [ BATTC.SYS] 8%... /
verifying module: [ intelide.sys] 9%... -
verifying module: [ PCIIDEX.SYS] 10%... \
verifying module: [ pcmcia.sys] 10%... |
verifying module: [ MountMgr.sys] 11%... /
verifying module: [ ftdisk.sys] 12%... -
verifying module: [ PartMgr.sys] 13%... \
verifying module: [ VolSnap.sys] 13%... |
verifying module: [ atapi.sys] 14%... /
verifying module: [ disk.sys] 15%... -
verifying module: [ CLASSPNP.SYS] 15%... \
verifying module: [ fltmgr.sys] 16%... |
verifying module: [ sr.sys] 17%... /
verifying module: [ KSecDD.sys] 18%... -
verifying module: [ Ntfs.sys] 18%... \
verifying module: [ NDIS.sys] 19%... |
verifying module: [ Mup.sys] 20%... /
verifying module: [ agp440.sys] 21%... -
verifying module: [ nic1394.sys] 21%... \
verifying module: [ intelppm.sys] 22%... |
verifying module: [ CmBatt.sys] 23%... /
verifying module: [ nv4_mini.sys] 23%... -
verifying module: [ VIDEOPRT.SYS] 24%... \
verifying module: [ usbuhci.sys] 25%... |
verifying module: [ USBPORT.SYS] 26%... /
verifying module: [ el90xbc5.sys] 26%... -
verifying module: [ i8042prt.sys] 27%... \
verifying module: [ mouclass.sys] 28%... |
verifying module: [ kbdclass.sys] 28%... /
verifying module: [ fdc.sys] 29%... -
verifying module: [ serial.sys] 30%... \
verifying module: [ serenum.sys] 31%... |
verifying module: [ parport.sys] 31%... /
verifying module: [ Imapi.SYS] 32%... -
verifying module: [ pfc.sys] 33%... \
verifying module: [ cdrom.sys] 34%... |
verifying module: [ redbook.sys] 34%... /
verifying module: [ ks.sys] 35%... -
verifying module: [ ac97intc.sys] 36%... \
verifying module: [ portcls.sys] 36%... |
verifying module: [ drmk.sys] 37%... /
verifying module: [ Ich.sys] 38%... -
verifying module: [ SOAR.SYS] 39%... \
verifying module: [ rksample.sys] 39%... |
verifying module: [ HSF_CNXT.sys] 40%... /
verifying module: [ AmosNt.SYS] 41%... -
verifying module: [ Modem.SYS] 42%... \
verifying module: [ EPPSCAN.sys] 42%... |
verifying module: [ audstub.sys] 43%... /
verifying module: [ rasl2tp.sys] 44%... -
verifying module: [ ndistapi.sys] 44%... \
verifying module: [ ndiswan.sys] 45%... |
verifying module: [ raspppoe.sys] 46%... /
verifying module: [ raspptp.sys] 47%... -
verifying module: [ TDI.SYS] 47%... \
verifying module: [ psched.sys] 48%... |
verifying module: [ msgpc.sys] 49%... /
verifying module: [ ptilink.sys] 50%... -
verifying module: [ raspti.sys] 50%... \
verifying module: [ termdd.sys] 51%... |
verifying module: [ swenum.sys] 52%... /
verifying module: [ update.sys] 52%... -
verifying module: [ mssmbios.sys] 53%... \
verifying module: [ NDProxy.SYS] 54%... |
verifying module: [ usbhub.sys] 55%... /
verifying module: [ USBD.SYS] 55%... -
verifying module: [ flpydisk.sys] 56%... \
verifying module: [ Fs_Rec.SYS] 57%... |
verifying module: [ Null.SYS] 57%... /
verifying module: [ Beep.SYS] 58%... -
verifying module: [ vga.sys] 59%... \
verifying module: [ mnmdd.SYS] 60%... |
verifying module: [ RDPCDD.sys] 60%... /
verifying module: [ Msfs.SYS] 61%... -
verifying module: [ Npfs.SYS] 62%... \
verifying module: [ rasacd.sys] 63%... |
verifying module: [ ipsec.sys] 63%... /
verifying module: [ tcpip.sys] 64%... -
verifying module: [ netbt.sys] 65%... \
verifying module: [ afd.sys] 65%... |
verifying module: [ netbios.sys] 66%... /
verifying module: [ rdbss.sys] 67%... -
verifying module: [ PQNTDrv.SYS] 68%... \
verifying module: [ mrxsmb.sys] 68%... |
verifying module: [ klmc.sys] 69%... /
verifying module: [ klif.sys] 70%... -
verifying module: [ Fips.SYS] 71%... \
verifying module: [ ipnat.sys] 71%... |
verifying module: [ wanarp.sys] 72%... /
verifying module: [ arp1394.sys] 73%... -
verifying module: [ Cdfs.SYS] 73%... \
verifying module: [ dump_atapi.sys] 74%... |
verifying module: [ dump_WMILIB.SYS] 75%... /
verifying module: [ win32k.sys] 76%... -
verifying module: [ Dxapi.sys] 76%... \
verifying module: [ watchdog.sys] 77%... |
verifying module: [ dxg.sys] 78%... /
verifying module: [ dxgthk.sys] 78%... -
verifying module: [ nv4_disp.dll] 79%... \
verifying module: [ ATMFD.DLL] 80%... |
verifying module: [ ndisuio.sys] 81%... /
verifying module: [ mrxdav.sys] 81%... -
verifying module: [ ParVdm.SYS] 82%... \
verifying module: [ cnxtdiag.sys] 83%... |
verifying module: [ fallback.sys] 84%... /
verifying module: [ fsksnt.sys] 84%... -
verifying module: [ k56nt.sys] 85%... \
verifying module: [ Fastfat.SYS] 86%... |
verifying module: [ srv.sys] 86%... /
verifying module: [ wdmaud.sys] 87%... -
verifying module: [ sysaudio.sys] 88%... \
verifying module: [ faxnt.sys] 89%... |
verifying module: [ tonesnt.sys] 89%... /
verifying module: [ v124nt.sys] 90%... -
verifying module: [ svv.sys] 91%... \
verifying module: [ ntdll.dll] 92%... |
verifying module: [ svv.exe] 92%... /
verifying module: [ ntdll.dll] 93%... -
verifying module: [ kernel32.dll] 94%... \
verifying module: [ PSAPI.DLL] 94%... |
verifying module: [ WS2_32.dll] 95%... /
verifying module: [ msvcrt.dll] 96%... -
verifying module: [ WS2HELP.dll] 97%... \
verifying module: [ ADVAPI32.dll] 97%... |
verifying module: [ RPCRT4.dll] 98%... /
verifying module: [ USER32.dll] 99%... -
verifying module: [ GDI32.dll] 100%... \

ntoskrnl.exe (804d7000 - 806eba00)... Null.SYS (f8c18000 - f8c19000)... error code = 0x490
mnmdd.SYS (f8a58000 - f8a5a000)... error code = 0x490
RDPCDD.sys (f8a5a000 - f8a5c000)... error code = 0x490
dump_atapi.sys (f6ca4000 - f6cbc000)... Image file not found!
dump_WMILIB.SYS (f8a5c000 - f8a5e000)... Image file not found!
kernel32.dll (7c800000 - 7c906000)...
SYSTEM INFECTION LEVEL: 2
0 - BLUE
1 - GREEN
--> 2 - YELLOW
3 - ORANGE
4 - RED
5 - DEEPRED
Nothing suspected was detected.
svv check /m >test.txt yields:



Quote

WARNING: Service Table redirection detected
origKiServiceTbl: 0x804e26a8 - 0x804e2ba8
currKiServiceTbl: 0x81fb2b58 - 0x81fb2ffc

verifying module: [ ntoskrnl.exe] 0%... -
verifying module: [ hal.dll] 1%... \
verifying module: [ KDCOM.DLL] 2%... |
verifying module: [ BOOTVID.dll] 2%... /
verifying module: [ ACPI.sys] 3%... -
verifying module: [ WMILIB.SYS] 4%... \
verifying module: [ pci.sys] 5%... |
verifying module: [ isapnp.sys] 5%... /
verifying module: [ ohci1394.sys] 6%... -
verifying module: [ 1394BUS.SYS] 7%... \
verifying module: [ compbatt.sys] 7%... |
verifying module: [ BATTC.SYS] 8%... /
verifying module: [ intelide.sys] 9%... -
verifying module: [ PCIIDEX.SYS] 10%... \
verifying module: [ pcmcia.sys] 10%... |
verifying module: [ MountMgr.sys] 11%... /
verifying module: [ ftdisk.sys] 12%... -
verifying module: [ PartMgr.sys] 13%... \
verifying module: [ VolSnap.sys] 13%... |
verifying module: [ atapi.sys] 14%... /
verifying module: [ disk.sys] 15%... -
verifying module: [ CLASSPNP.SYS] 15%... \
verifying module: [ fltmgr.sys] 16%... |
verifying module: [ sr.sys] 17%... /
verifying module: [ KSecDD.sys] 18%... -
verifying module: [ Ntfs.sys] 18%... \
verifying module: [ NDIS.sys] 19%... |
verifying module: [ Mup.sys] 20%... /
verifying module: [ agp440.sys] 21%... -
verifying module: [ nic1394.sys] 21%... \
verifying module: [ intelppm.sys] 22%... |
verifying module: [ CmBatt.sys] 23%... /
verifying module: [ nv4_mini.sys] 23%... -
verifying module: [ VIDEOPRT.SYS] 24%... \
verifying module: [ usbuhci.sys] 25%... |
verifying module: [ USBPORT.SYS] 26%... /
verifying module: [ el90xbc5.sys] 26%... -
verifying module: [ i8042prt.sys] 27%... \
verifying module: [ mouclass.sys] 28%... |
verifying module: [ kbdclass.sys] 28%... /
verifying module: [ fdc.sys] 29%... -
verifying module: [ serial.sys] 30%... \
verifying module: [ serenum.sys] 31%... |
verifying module: [ parport.sys] 31%... /
verifying module: [ Imapi.SYS] 32%... -
verifying module: [ pfc.sys] 33%... \
verifying module: [ cdrom.sys] 34%... |
verifying module: [ redbook.sys] 34%... /
verifying module: [ ks.sys] 35%... -
verifying module: [ ac97intc.sys] 36%... \
verifying module: [ portcls.sys] 36%... |
verifying module: [ drmk.sys] 37%... /
verifying module: [ Ich.sys] 38%... -
verifying module: [ SOAR.SYS] 39%... \
verifying module: [ rksample.sys] 39%... |
verifying module: [ HSF_CNXT.sys] 40%... /
verifying module: [ AmosNt.SYS] 41%... -
verifying module: [ Modem.SYS] 42%... \
verifying module: [ EPPSCAN.sys] 42%... |
verifying module: [ audstub.sys] 43%... /
verifying module: [ rasl2tp.sys] 44%... -
verifying module: [ ndistapi.sys] 44%... \
verifying module: [ ndiswan.sys] 45%... |
verifying module: [ raspppoe.sys] 46%... /
verifying module: [ raspptp.sys] 47%... -
verifying module: [ TDI.SYS] 47%... \
verifying module: [ psched.sys] 48%... |
verifying module: [ msgpc.sys] 49%... /
verifying module: [ ptilink.sys] 50%... -
verifying module: [ raspti.sys] 50%... \
verifying module: [ termdd.sys] 51%... |
verifying module: [ swenum.sys] 52%... /
verifying module: [ update.sys] 52%... -
verifying module: [ mssmbios.sys] 53%... \
verifying module: [ NDProxy.SYS] 54%... |
verifying module: [ usbhub.sys] 55%... /
verifying module: [ USBD.SYS] 55%... -
verifying module: [ flpydisk.sys] 56%... \
verifying module: [ Fs_Rec.SYS] 57%... |
verifying module: [ Null.SYS] 57%... /
verifying module: [ Beep.SYS] 58%... -
verifying module: [ vga.sys] 59%... \
verifying module: [ mnmdd.SYS] 60%... |
verifying module: [ RDPCDD.sys] 60%... /
verifying module: [ Msfs.SYS] 61%... -
verifying module: [ Npfs.SYS] 62%... \
verifying module: [ rasacd.sys] 63%... |
verifying module: [ ipsec.sys] 63%... /
verifying module: [ tcpip.sys] 64%... -
verifying module: [ netbt.sys] 65%... \
verifying module: [ afd.sys] 65%... |
verifying module: [ netbios.sys] 66%... /
verifying module: [ rdbss.sys] 67%... -
verifying module: [ PQNTDrv.SYS] 68%... \
verifying module: [ mrxsmb.sys] 68%... |
verifying module: [ klmc.sys] 69%... /
verifying module: [ klif.sys] 70%... -
verifying module: [ Fips.SYS] 71%... \
verifying module: [ ipnat.sys] 71%... |
verifying module: [ wanarp.sys] 72%... /
verifying module: [ arp1394.sys] 73%... -
verifying module: [ Cdfs.SYS] 73%... \
verifying module: [ dump_atapi.sys] 74%... |
verifying module: [ dump_WMILIB.SYS] 75%... /
verifying module: [ win32k.sys] 76%... -
verifying module: [ Dxapi.sys] 76%... \
verifying module: [ watchdog.sys] 77%... |
verifying module: [ dxg.sys] 78%... /
verifying module: [ dxgthk.sys] 78%... -
verifying module: [ nv4_disp.dll] 79%... \
verifying module: [ ATMFD.DLL] 80%... |
verifying module: [ ndisuio.sys] 81%... /
verifying module: [ mrxdav.sys] 81%... -
verifying module: [ ParVdm.SYS] 82%... \
verifying module: [ cnxtdiag.sys] 83%... |
verifying module: [ fallback.sys] 84%... /
verifying module: [ fsksnt.sys] 84%... -
verifying module: [ k56nt.sys] 85%... \
verifying module: [ Fastfat.SYS] 86%... |
verifying module: [ srv.sys] 86%... /
verifying module: [ wdmaud.sys] 87%... -
verifying module: [ sysaudio.sys] 88%... \
verifying module: [ faxnt.sys] 89%... |
verifying module: [ tonesnt.sys] 89%... /
verifying module: [ v124nt.sys] 90%... -
verifying module: [ svv.sys] 91%... \
verifying module: [ ntdll.dll] 92%... |
verifying module: [ svv.exe] 92%... /
verifying module: [ ntdll.dll] 93%... -
verifying module: [ kernel32.dll] 94%... \
verifying module: [ PSAPI.DLL] 94%... |
verifying module: [ WS2_32.dll] 95%... /
verifying module: [ msvcrt.dll] 96%... -
verifying module: [ WS2HELP.dll] 97%... \
verifying module: [ ADVAPI32.dll] 97%... |
verifying module: [ RPCRT4.dll] 98%... /
verifying module: [ USER32.dll] 99%... -
verifying module: [ GDI32.dll] 100%... \

ntoskrnl.exe (804d7000 - 806eba00)... module ntoskrnl.exe [0x804d7000 - 0x806eba00]:
0x804db03d [RtlPrefetchMemoryNonTemporal()+0] 1 byte(s): exclusion filter: single byte modification
file :c3
memory :90
verdict = 1

0x804db92e 7 byte(s): JMPing code (jmp to: 0xf6d93663)
address 0xf6d93663 is inside klif.sys module [0xf6d7d000-0xf6da6000]
target module path: \SystemRoot\System32\drivers\klif.sys
file :83 bb 94 09 00 00 00
memory :e9 35 7d 8b 76 90 90
verdict = 2

0x804dbaa2 18 byte(s): exclusion filter: KeFlushCurrentTb()
file :d8 0f 22 d8 c3 0f 20 e0 25 7f ff ff ff 0f 22 e0 0d 80
memory :e0 25 7f ff ff ff 0f 22 e0 0d 80 00 00 00 0f 22 e0 c3
verdict = 1

0x804dbaba 1 byte(s): exclusion filter: single byte modification
file :c3
memory :00
verdict = 1

0x804de8ea 1 byte(s): exclusion filter: single byte modification
file :05
memory :06
verdict = 1

0x804e2a38 [KiServiceTable[228]] 4 byte(s): KiServiceTable HOOK:
address 0xf6d93530 is inside klif.sys module [0xf6d7d000-0xf6da6000]
target module path: \SystemRoot\System32\drivers\klif.sys
file :05 bd 56 80
memory :30 35 d9 f6
verdict = 2

module ntoskrnl.exe: end of details
kernel32.dll (7c800000 - 7c906000)... module kernel32.dll [0x7c800000 - 0x7c906000]:
0x7c802f58 15 byte(s): Inside EAT
file :77 1d 00 00 4f 1d 00 00 f1 1a 00 00 d3 ac 00
memory :c4 2f 08 00 d3 2f 08 00 f1 2f 08 00 e2 2f 08
verdict = 2

module kernel32.dll: end of details

SYSTEM INFECTION LEVEL: 2
0 - BLUE
1 - GREEN
--> 2 - YELLOW
3 - ORANGE
4 - RED
5 - DEEPRED
Nothing suspected was detected.
and finally svv check /c >test.txt:

Quote

WARNING: Service Table redirection detected
origKiServiceTbl: 0x804e26a8 - 0x804e2ba8
currKiServiceTbl: 0x81fb2b58 - 0x81fb2ffc

verifying module: [ ntoskrnl.exe] 0%... -
verifying module: [ hal.dll] 1%... \
verifying module: [ KDCOM.DLL] 2%... |
verifying module: [ BOOTVID.dll] 2%... /
verifying module: [ ACPI.sys] 3%... -
verifying module: [ WMILIB.SYS] 4%... \
verifying module: [ pci.sys] 5%... |
verifying module: [ isapnp.sys] 5%... /
verifying module: [ ohci1394.sys] 6%... -
verifying module: [ 1394BUS.SYS] 7%... \
verifying module: [ compbatt.sys] 7%... |
verifying module: [ BATTC.SYS] 8%... /
verifying module: [ intelide.sys] 9%... -
verifying module: [ PCIIDEX.SYS] 10%... \
verifying module: [ pcmcia.sys] 10%... |
verifying module: [ MountMgr.sys] 11%... /
verifying module: [ ftdisk.sys] 12%... -
verifying module: [ PartMgr.sys] 13%... \
verifying module: [ VolSnap.sys] 13%... |
verifying module: [ atapi.sys] 14%... /
verifying module: [ disk.sys] 15%... -
verifying module: [ CLASSPNP.SYS] 15%... \
verifying module: [ fltmgr.sys] 16%... |
verifying module: [ sr.sys] 17%... /
verifying module: [ KSecDD.sys] 18%... -
verifying module: [ Ntfs.sys] 18%... \
verifying module: [ NDIS.sys] 19%... |
verifying module: [ Mup.sys] 20%... /
verifying module: [ agp440.sys] 21%... -
verifying module: [ nic1394.sys] 21%... \
verifying module: [ intelppm.sys] 22%... |
verifying module: [ CmBatt.sys] 23%... /
verifying module: [ nv4_mini.sys] 23%... -
verifying module: [ VIDEOPRT.SYS] 24%... \
verifying module: [ usbuhci.sys] 25%... |
verifying module: [ USBPORT.SYS] 26%... /
verifying module: [ el90xbc5.sys] 26%... -
verifying module: [ i8042prt.sys] 27%... \
verifying module: [ mouclass.sys] 28%... |
verifying module: [ kbdclass.sys] 28%... /
verifying module: [ fdc.sys] 29%... -
verifying module: [ serial.sys] 30%... \
verifying module: [ serenum.sys] 31%... |
verifying module: [ parport.sys] 31%... /
verifying module: [ Imapi.SYS] 32%... -

ntoskrnl.exe (804d7000 - 806eba00)... clean (verdict = 2).
ftdisk.sys (f8498000 - f84b7000)... clean (verdict = 0).
disk.sys (f8586000 - f858f000)... clean (verdict = 0).
Ntfs.sys (f83ab000 - f8438000)... clean (verdict = 0).
NDIS.sys (f837e000 - f83ab000)... clean (verdict = 0).
ipsec.sys (f6f0a000 - f6f1d000)... clean (verdict = 0).
tcpip.sys (f6eb2000 - f6f0a000)... clean (verdict = 0).
ntdll.dll (7c910000 - 7c9c7000)... clean (verdict = 0).
kernel32.dll (7c800000 - 7c906000)... clean (verdict = 2).
PSAPI.DLL (76bb0000 - 76bbb000)... clean (verdict = 0).
WS2_32.dll (71a10000 - 71a27000)... clean (verdict = 0).
ADVAPI32.dll (77da0000 - 77e4a000)... clean (verdict = 0).
USER32.dll (77d10000 - 77da0000)... clean (verdict = 0).

SYSTEM INFECTION LEVEL: 2
0 - BLUE
1 - GREEN
--> 2 - YELLOW
3 - ORANGE
4 - RED
5 - DEEPRED
Nothing suspected was detected.
Thanks!
This post was edited on 31.10.2005 at 16:17 by kosmograph.
31.10.2005, 16:18
Moderator

Posts: 7805
#10 Then let's narrow it down further: how up to date is your KAV (the program, not the database!), or try disabling the web and network protection (if the machine is sufficiently secured without it).

BTW: What do you connect to the internet through? A router?
__________
Regards, Ralf
SEO-Spam Hunter
31.10.2005, 17:01
...new here

Thread starter

Posts: 10
#11 KAV: Version 5.0.144

Internet access: cable modem/network cable


What exactly do you mean by:

Quote

or try disabling the web and network protection (if the machine is sufficiently secured without it).
?


Regards
Kosmograph
31.10.2005, 17:06
Moderator

Posts: 7805
#12 Please update your KAV.
Here you can find the latest version, in all languages:
http://www.kaspersky.com/de/downloads?chapter=146440654

KAV version 5 apparently offers web and network protection; this web protection hooks into the browser. So update and disable that, to rule out KAV as the source of the error.
__________
Regards, Ralf
SEO-Spam Hunter
31.10.2005, 18:24
...new here

Thread starter

Posts: 10
#13 I have now installed KAV Pro - 5.0.390.
(after completely uninstalling the old KAV first)
With the Recommended Settings, the problem persists unchanged.
What exactly should I disable now?
Under the Real-Time Protection settings I can choose from:

RealTime File-Protection
RealTime Mail-Protection
RealTime VBA Macro Monitoring
RealTime Script Monitoring
RealTime Protection against Network Attacks


Regards
Kosmograph
This post was edited on 31.10.2005 at 18:30 by kosmograph.
31.10.2005, 18:32
Moderator

Posts: 7805
#14 I would start with these:

RealTime Script Monitoring (that is what I meant by web protection)
RealTime Protection against Network Attacks (only turn this off if your machine is sufficiently secured otherwise by a firewall/router)
__________
Regards, Ralf
SEO-Spam Hunter
31.10.2005, 19:50
...new here

Thread starter

Posts: 10
#15 Disabling the listed RealTime Protection settings one after another
(from Network "forward" to File Protection) did not resolve the problem.
Instead, with the Recommended Settings (everything enabled) there are
startup problems: the machine keeps hanging after the start screen.


Thanks for your patience...

Kosmograph