Is my computer clean?
#0
11.07.2007, 19:36
Member
Posts: 32
11.07.2007, 20:53
Member
Posts: 519
#2
Why not just attach an AntiVir log as well (a new, freshly made one); that may be more helpful for whoever ends up handling/evaluating it.
11.07.2007, 21:17
Honorary member
Posts: 6028
#3
Your ComboFix is out of date: "ComboFix 07-05.27.V"
Your Java software is out of date; download jre-6u2-windows-i586-p.exe
Scroll down to ----> Java Runtime Environment (JRE) 6u2
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Click "Download"
Tick the box at ---> "Accept License Agreement".
Click “Windows Offline Installation, Multi-language” to install “jre-6-windows-i586.exe” to the desktop
Close all programs, including your web browser
Go to "Start -> Einstellungen -> Systemsteuerung -> Software" (Start -> Settings -> Control Panel -> Software)
and remove all older versions of Java Runtime Environment (JRE or J2SE)
After everything has been removed ---> restart the computer
Now install from the desktop ---> “jre-6u2-windows-i586-p.exe”
There is also a new version of Adobe Flash, 9.0.47.0
Test here which one is installed
http://www.adobe.com/products/flash/about/
And the download page
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
Restart the computer
__________
Kind regards
Argus
This post was edited on 11.07.2007 at 21:44 by Arnold.
12.07.2007, 22:34
Member
Thread starter
Posts: 32
#4
Thanks for the replies.
According to the protecus.de guide, ComboFix, HJT and DatFind logs should be enough for a good analysis of a computer. That is why I am not posting an AntiVir log here. I hope I have now downloaded the current version of ComboFix. Here is the corresponding log. I will install the new version of Java soon. My question once more: Is my computer clean?
"Main-Account" - 2007-07-12 22:21:02 - ComboFix 07-07-12.3 - Service Pack 2 /wow section - STAGE #8
((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))
2007-07-11 19:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 17:22 <DIR> d-------- C:\Programme\a-squared Free
2007-07-11 17:09 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SUPERAntiSpyware.com
2007-07-11 17:08 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2007-07-11 17:08 <DIR> d-------- C:\DOKUME~1\MAIN-A~1\ANWEND~1\SUPERAntiSpyware.com
2007-07-11 14:19 <DIR> d-------- C:\Programme\iPod
2007-07-11 14:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-11 14:11 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple
2007-07-11 14:11 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-12 19:48:56 -------- d-----w C:\Programme\Eraser
2007-07-11 12:20:12 -------- d-----w C:\Programme\iTunes
2007-07-11 12:16:51 -------- d-----w C:\Programme\QuickTime
2007-07-11 12:07:29 -------- d-----w C:\Programme\Apple Software Update
2007-07-10 16:17:21 65,692 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-10 16:17:21 395,990 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-06-23 17:04:43 -------- d-----w C:\Programme\ZKB Onba
2007-06-03 21:06:33 28,721 ----a-w C:\WINDOWS\hpoins03.dat
2007-06-02 20:18:10 -------- d-----w C:\DOKUME~1\MAIN-A~1\ANWEND~1\Leadertech
2007-06-02 12:32:35 -------- d-----w C:\DOKUME~1\MAIN-A~1\ANWEND~1\AdobeAUM
2007-05-18 21:03:16 -------- d-----w C:\Programme\Gemeinsame Dateien\LogiShrd
2007-05-18 20:44:59 -------- d-----w C:\Programme\Logitech
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-27 12:52:11 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 16:51]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 16:44]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2002-12-02 10:22]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2003-01-09 10:41]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2002-10-23 17:18]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2003-01-09 09:57]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 11:59 C:\WINDOWS\AGRSMMSG.exe]
"InCD"="C:\Programme\Ahead\InCD\InCD.exe" [2003-07-31 18:17]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 20:43]
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
"Acronis True Image Monitor"="C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe" [2005-07-12 10:13]
"Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2005-07-12 10:13]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 10:39]
"DataLayer"="C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 10:30]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:58 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-05-20 08:21]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"LogitechCommunicationsManager"="C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Programme\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Contents of the 'Scheduled Tasks' folder
2007-06-26 17:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-12 22:26:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis True Image Monitor"="\"C:\\Programme\\Acronis\\TrueImage\\TrueImageMonitor.exe\""
Completion time: 2007-07-12 22:28:33
C:\ComboFix-quarantined-files.txt ... 2007-07-12 22:27
C:\ComboFix2.txt ... 2007-07-11 19:22
C:\ComboFix3.txt ... 2007-05-27 23:23
--- E O F ---
I would like to make sure that no Trojans etc. have crept onto my PC. Who can interpret the various logs for me (ComboFix, HJT, DatFind)?
ComboFix log:
"Main-Account" - 2007-07-11 19:14:04 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Dokumente und Einstellungen\Main-Account\Desktop\Antispyware\Diverses\"
((((((((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 ))))))))))))))))))))))))))))))))))
2007-07-11 17:22 <DIR> d-------- C:\Programme\a-squared Free
2007-07-11 17:09 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SUPERAntiSpyware.com
2007-07-11 17:08 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2007-07-11 17:08 <DIR> d-------- C:\DOKUME~1\MAIN-A~1\ANWEND~1\SUPERAntiSpyware.com
2007-07-11 14:19 <DIR> d-------- C:\Programme\iPod
2007-07-11 14:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-11 14:11 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple
2007-07-11 14:11 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-11 14:55:33 -------- d-----w C:\Programme\Eraser
2007-07-11 12:20:12 -------- d-----w C:\Programme\iTunes
2007-07-11 12:16:51 -------- d-----w C:\Programme\QuickTime
2007-07-11 12:07:29 -------- d-----w C:\Programme\Apple Software Update
2007-07-10 16:17:21 65,692 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-10 16:17:21 395,990 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-06-23 17:04:43 -------- d-----w C:\Programme\ZKB Onba
2007-06-03 21:06:33 28,721 ----a-w C:\WINDOWS\hpoins03.dat
2007-06-02 20:18:10 -------- d-----w C:\DOKUME~1\MAIN-A~1\ANWEND~1\Leadertech
2007-06-02 12:32:35 -------- d-----w C:\DOKUME~1\MAIN-A~1\ANWEND~1\AdobeAUM
2007-05-18 21:03:16 -------- d-----w C:\Programme\Gemeinsame Dateien\LogiShrd
2007-05-18 20:44:59 -------- d-----w C:\Programme\Logitech
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-27 12:52:11 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 16:51]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 16:44]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2002-12-02 10:22]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2003-01-09 10:41]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2002-10-23 17:18]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2003-01-09 09:57]
"AGRSMMSG"="AGRSMMSG.exe" []
"InCD"="C:\Programme\Ahead\InCD\InCD.exe" [2003-07-31 18:17]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 20:43]
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
"Acronis True Image Monitor"="C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe" [2005-07-12 10:13]
"Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2005-07-12 10:13]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 10:39]
"DataLayer"="C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 10:30]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:58 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-05-20 08:21]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"LogitechCommunicationsManager"="C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Programme\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
*Newly Created Service* -A2FREE
*Newly Created Service* -SASDIFSV
*Newly Created Service* -SASENUM
Contents of the 'Scheduled Tasks' folder
2007-06-26 17:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 19:19:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
********************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis True Image Monitor"="\"C:\\Programme\\Acronis\\TrueImage\\TrueImageMonitor.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]
Completion time: 2007-07-11 19:22:04
C:\ComboFix-quarantined-files.txt ... 2007-07-11 19:21
C:\ComboFix2.txt ... 2007-05-27 23:23
--- E O F ---
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:25:08, on 11.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam10\QuickCam10.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\a-squared Free\a2service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Main-Account\Desktop\Antispyware\HJT\HJT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
DatFind Logs:
Datenträger in Laufwerk C: ist 65_01_31
Volumeseriennummer: ECAE-D346
Verzeichnis von C:\WINDOWS
11.07.2007 19:09 1'563'338 WindowsUpdate.log
11.07.2007 16:56 54'156 QTFont.qfn
11.07.2007 14:25 3'834 ModemLog_Agere Systems AC'97 Modem.txt
11.07.2007 14:25 159 wiadebug.log
11.07.2007 14:25 50 wiaservc.log
11.07.2007 14:25 2'048 bootstat.dat
11.07.2007 14:23 32'606 SchedLgU.Txt
11.07.2007 14:04 1'409 QTFont.for
03.06.2007 23:06 28'721 hpoins03.dat
03.06.2007 23:06 887 win.ini
22.05.2007 19:37 87'040 catchme.exe
09.03.2007 01:02 42'648 zllsputility_loc0407.dll
09.03.2007 01:02 75'512 zllsputility.exe
----------------------------------------------------------------------------
Datenträger in Laufwerk C: ist 65_01_31
Volumeseriennummer: ECAE-D346
Verzeichnis von C:\DOKUME~1\MAIN-A~1\LOKALE~1\Temp
----------------------------------------------------------------------------
Datenträger in Laufwerk C: ist 65_01_31
Volumeseriennummer: ECAE-D346
Verzeichnis von C:\WINDOWS\Downloaded Program Files
28.02.2007 20:24 361 OGAControl.inf
28.08.2006 12:05 227 opuc.inf
22.06.2006 11:41 5'032 swflash.inf
----------------------------------------------------------------------------
Datenträger in Laufwerk C: ist 65_01_31
Volumeseriennummer: ECAE-D346
Verzeichnis von C:\
11.07.2007 19:27 0 sys.txt
11.07.2007 19:27 685 down.txt
11.07.2007 19:26 384 tmp.txt
11.07.2007 19:26 6'498 system.txt
11.07.2007 19:26 131 systemtemp.txt
11.07.2007 19:25 113'129 system32.txt
11.07.2007 19:22 7'111 ComboFix.txt
11.07.2007 19:21 766 ComboFix-quarantined-files.txt
11.07.2007 14:25 792'723'456 pagefile.sys
27.05.2007 23:23 9'587 ComboFix2.txt
---------------------------------------------------------------------------
11.07.2007 16:56 1'158 wpa.dbl
11.07.2007 14:25 55'146 vsconfig.xml
10.07.2007 18:17 384'930 perfh009.dat
10.07.2007 18:17 54'614 perfc009.dat
10.07.2007 18:17 395'990 perfh007.dat
10.07.2007 18:17 65'692 perfc007.dat
10.07.2007 18:17 910'304 PerfStringBackup.INI
09.07.2007 21:41 3'002 CONFIG.NT
26.06.2007 07:50 258'248 FNTCACHE.DAT
15.06.2007 18:03 8'747 lvcoinst.log
06.06.2007 08:38 15'747'032 MRT.exe
16.05.2007 17:11 683'520 inetcomm.dll
08.05.2007 10:59 3'583'488 mshtml.dll
30.04.2007 17:46 745'600 aswBoot.exe
30.04.2007 17:35 95'872 AVASTSS.scr
27.04.2007 14:59 4'254 jupdate-1.6.0_01-b06.log
27.04.2007 14:52 4'212 zllictbl.dat
27.04.2007 09:42 49'152 QuickTime.qts
27.04.2007 09:42 65'536 QuickTimeVR.qtx
25.04.2007 16:22 144'896 schannel.dll
25.04.2007 09:42 822'784 wininet.dll
25.04.2007 09:42 232'960 webcheck.dll
25.04.2007 09:42 1'152'000 urlmon.dll
25.04.2007 09:42 102'400 occache.dll
25.04.2007 09:42 105'984 url.dll
25.04.2007 09:42 670'720 mstime.dll
25.04.2007 09:42 193'024 msrating.dll
25.04.2007 09:42 477'696 mshtmled.dll
25.04.2007 09:41 52'224 msfeedsbs.dll
25.04.2007 09:41 459'264 msfeeds.dll
25.04.2007 09:41 27'648 jsproxy.dll
25.04.2007 09:41 1'824'768 inetcpl.cpl
25.04.2007 09:41 267'776 iertutil.dll
25.04.2007 09:41 44'544 iernonce.dll
25.04.2007 09:41 6'058'496 ieframe.dll
25.04.2007 09:41 384'512 iedkcs32.dll
25.04.2007 09:41 383'488 ieapfltr.dll
25.04.2007 09:41 153'088 ieakeng.dll
25.04.2007 09:41 230'400 ieaksie.dll
25.04.2007 09:41 132'608 extmgr.dll
25.04.2007 09:41 124'928 advpack.dll
24.04.2007 16:26 13'824 ieudinit.exe
24.04.2007 11:58 56'832 ie4uinit.exe
24.04.2007 11:32 1'485'696 LegitCheckControl.dll
24.04.2007 09:34 161'792 ieakui.dll
18.04.2007 18:13 2'854'400 msi.dll
17.04.2007 11:32 2'455'488 ieapfltr.dat
16.04.2007 22:47 33'624 wups.dll
16.04.2007 22:47 30'040 wuapi.dll.mui
16.04.2007 22:47 30'040 wuaucpl.cpl.mui
16.04.2007 22:45 1'710'936 wuaueng.dll
16.04.2007 22:45 549'720 wuapi.dll
16.04.2007 22:45 325'976 wucltui.dll
16.04.2007 22:45 216'408 wuaucpl.cpl
16.04.2007 22:45 203'096 wuweb.dll
16.04.2007 22:45 92'504 cdm.dll
16.04.2007 22:45 43'352 wups2.dll
16.04.2007 22:45 53'080 wuauclt.exe
16.04.2007 22:45 20'824 wuaueng.dll.mui
16.04.2007 22:44 34'136 wucltui.dll.mui
16.04.2007 17:53 1'058'304 kernel32.dll
02.04.2007 14:21 428'032 swreg.exe
17.03.2007 15:44 293'376 winsrv.dll
---------------------------------------------------------------------------
Datenträger in Laufwerk C: ist 65_01_31
Volumeseriennummer: ECAE-D346
Verzeichnis von C:\WINDOWS\Temp
11.07.2007 14:25 16'384 Perflib_Perfdata_6c0.dat
11.07.2007 14:25 256 ZLT01721.TMP
11.07.2007 14:25 256 ZLT0171e.TMP
3 Datei(en) 16'896 Bytes
0 Verzeichnis(se), 10'105'290'752 Bytes frei
---------------------------------------------------------------------------
Many thanks for your support!
Maravilha