Glaube bin etwas veseucht

#1 Hallo liebe Gemeinde glaube bei mir ist irgendetwas falsch

habe keine geschwindigkeit mehr

rechner ist sau lahm

bitte um hilfe

#2 Hier fängt es meistens an http://board.protecus.de/t23188.htm
__________
MfG Argus

#3 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58, on 2007-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\AOL\1179169693\ee\AOLSoftware.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.063\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F51BB9BC-0E3F-469D-89FC-27123379DC4C} - C:\WINDOWS\system32\mmcshexu.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Hotplug] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1179169693\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GMX_GMX MultiMessenger] "C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE" /hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VP-EYE.lnk = C:\VP-EYE\control\vpeyev4.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programme\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 3.79\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thomas-jenal.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142775826421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7078 bytes

#4 .
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCAC-9F8C

Verzeichnis von C:\WINDOWS\system32

2007-07-24 12:38 2,206 wpa.dbl
2007-07-22 18:39 279,552 swreg.exe
2007-07-20 12:08 5,214 jupdate-1.6.0_02-b06.log
2007-07-12 02:22 139,264 javaws.exe
2007-07-12 02:22 69,632 javacpl.cpl
2007-07-12 01:22 135,168 javaw.exe
2007-07-12 01:22 135,168 java.exe
2007-07-09 04:32 127,704 FNTCACHE.DAT
2007-06-29 06:24 49,152 QuickTime.qts
2007-06-29 06:24 65,536 QuickTimeVR.qtx
2007-06-28 09:57 16,256,984 MRT.exe
2007-06-14 06:22 316,924 perfh007.dat
2007-06-14 06:22 40,128 perfc009.dat
2007-06-14 06:22 311,740 perfh009.dat
2007-06-14 06:22 48,354 perfc007.dat
2007-06-14 06:22 723,744 PerfStringBackup.INI
2007-06-06 19:30 13,840 wnaspi32.dll
2007-05-16 17:11 683,520 inetcomm.dll
2007-05-11 19:54 4,816 divxsm.tlb
2007-05-11 19:54 524,288 DivXsm.exe
2007-05-11 06:37 823,296 divx_xx07.dll
2007-05-11 06:37 823,296 divx_xx0c.dll
2007-05-11 06:37 802,816 divx_xx11.dll
2007-05-11 06:37 740,442 DivX.dll
2007-05-11 03:32 638,976 divxdec.ax
2007-05-04 14:27 3,079,680 mshtml.dll
2007-04-25 16:22 144,896 schannel.dll
2007-04-24 11:32 1,485,696 LegitCheckControl.dll
2007-04-23 02:15 10,152 dsm_de.qm
2007-04-23 02:15 3,596,288 qt-dx331.dll
2007-04-23 02:15 1,044,480 libdivx.dll
2007-04-23 02:15 200,704 ssldivx.dll
2007-04-23 02:02 73,728 dpl100.dll
2007-04-23 02:02 196,608 dtu100.dll
2007-04-23 02:02 53,248 dpuGUI10.dll
2007-04-23 02:02 593,920 dpuGUI11.dll
2007-04-23 02:02 344,064 dpus11.dll
2007-04-23 02:02 57,344 dpv11.dll
2007-04-23 02:02 294,912 dpu11.dll
2007-04-23 02:02 294,912 dpu10.dll
2007-04-23 02:02 352,401 DivXMedia.ax
2007-04-23 02:01 12,288 DivXWMPExtType.dll
2007-04-23 02:01 124,472 DivXCodecUpdateChecker.exe
2007-04-23 02:01 8,523 dpude.qm
2007-04-23 02:01 3,136 dtu_de.qm
2007-04-20 16:53 4,254 jupdate-1.6.0_01-b06.log
2007-04-18 18:13 2,854,400 msi.dll
2007-04-18 14:31 664,576 wininet.dll
2007-04-18 14:31 617,472 urlmon.dll
2007-04-18 14:31 474,624 shlwapi.dll
2007-04-18 14:31 1,494,528 shdocvw.dll
2007-04-18 14:31 532,480 mstime.dll
2007-04-18 14:31 146,432 msrating.dll
2007-04-18 14:31 449,024 mshtmled.dll
2007-04-18 14:31 39,424 pngfilt.dll
2007-04-18 14:31 96,768 inseng.dll
2007-04-18 14:31 251,392 iepeers.dll
2007-04-18 14:31 1,056,256 danim.dll
2007-04-18 14:31 152,064 cdfview.dll
2007-04-18 14:31 1,023,488 browseui.dll
2007-04-18 14:31 357,888 dxtmsft.dll
2007-04-18 14:31 205,312 dxtrans.dll
2007-04-18 14:31 16,384 jsproxy.dll
2007-04-18 14:31 55,808 extmgr.dll
2007-04-18 12:27 123,392 xpsp3res.dll
2007-04-16 22:47 33,624 wups.dll
2007-04-16 22:47 30,040 wuapi.dll.mui
2007-04-16 22:47 30,040 wuaucpl.cpl.mui
2007-04-16 22:45 1,710,936 wuaueng.dll
2007-04-16 22:45 549,720 wuapi.dll
2007-04-16 22:45 325,976 wucltui.dll
2007-04-16 22:45 216,408 wuaucpl.cpl
2007-04-16 22:45 203,096 wuweb.dll
2007-04-16 22:45 92,504 cdm.dll
2007-04-16 22:45 53,080 wuauclt.exe
2007-04-16 22:45 20,824 wuaueng.dll.mui
2007-04-16 22:45 43,352 wups2.dll
2007-04-16 22:44 34,136 wucltui.dll.mui
2007-04-16 22:44 271,224 mucltui.dll
2007-04-16 22:44 208,248 muweb.dll
2007-04-16 22:44 30,072 mucltui.dll.mui
2007-04-16 17:53 1,058,304 kernel32.dll
2007-04-12 15:35 335,872 HookMenu.ocx
2007-04-09 03:06 16,832 amcompat.tlb
2007-04-09 03:06 23,392 nscompat.tlb
2007-04-07 12:14 933 v1310Vex.loc
2007-04-06 17:04 108,144 CmdLineExt.dll
2007-03-29 04:42 29,704 uxtuneup.dll
2007-03-26 11:19 115 EPPICResdb
2007-03-26 11:19 4,682 EPPICResdb0000
2007-03-19 16:26 122,142 TZLog.log
2007-03-15 18:37 8,192 uiwbnp.dll
2007-03-08 17:36 281,600 gdi32.dll
2007-03-08 17:36 579,072 user32.dll
2007-03-08 17:36 40,960 mf3216.dll
2007-03-08 17:32 1,843,712 win32k.sys
2007-02-23 06:29 183,032 pxmas.dll
2007-02-23 06:29 72,440 pxhpinst.exe
2007-02-23 06:29 379,640 pxwave.dll
2007-02-23 06:29 502,520 pxdrv.dll
2007-02-23 06:29 1,329,912 pxsfs.dll
2007-02-23 06:29 116,472 pxcpyi64.exe
2007-02-23 06:29 118,520 pxinsi64.exe
2007-02-23 06:29 527,096 px.dll
2007-02-23 06:29 64,760 pxcpya64.exe
2007-02-23 06:29 64,760 pxinsa64.exe
2007-02-23 06:29 129,784 pxafs.dll
2007-02-23 06:29 39,672 vxblock.dll
2007-02-15 19:00 236,928 wgalogon.dll.old
2007-01-29 10:58 60,416 tzchange.exe
2007-01-24 15:27 255,848 xactengine2_6.dll
2007-01-23 21:30 546,304 hhctrl.ocx
2007-01-19 12:53 51,056 sirenacm.dll

#5 Bitte nochmal,als erstes ComboFix dann HijackThis
__________
MfG Argus

#6 combofix geht nicht
kann es nicht öffnen

#7 Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei

O2 - BHO: (no name) - {F51BB9BC-0E3F-469D-89FC-27123379DC4C} - C:\WINDOWS\system32\mmcshexu.dll

klicke: Fix checked
Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst

Verborgene Dateien sichtbar machen
>Extras >Ordneroptionen >den Reiter "Ansicht" >Versteckte Dateien und Ordner >"alle Dateien und Ordner anzeigen" aktivieren und >Extras >Ordneroptionen >den Reiter "Ansicht" >Dateien und Ordner >"Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren.


Download KillAFile by Marckie,zum Desktop

Packe die Datei aus,und speichere sie in einem Ordner auf deinem Desktop.
Öffne den Ordner KillAFile
mach einen Doppelklick auf die Datei kill.bat.
Wähle die Option 2: "replace a file on reboot".
Wenn du die Meldung bekommst "Insert full path and filename to delete and then press enter"
schreibst/Kopierst du rein:

C:\WINDOWS\system32\mmcshexu.dll

Wenn die Datei anwesend ist kommt eine Meldung um alle offene Fenster zu schliessen,
und dass der Rechner neu starten wird(reboot)

Nod32 Onlinescanner Bèta
www.eset.com/threat-center/cac.php
Klicke Start
Haacke an “accept the terms of Use”
Klicke Start
Installiere “OnlineScanner.cab
Setze ein häckchen bei “Remove found threats”
Starte
__________
MfG Argus