x versucht ständig, Verbindung zum Web herzustellen...Trojaner!

#1 Hallo,

hab mir mal wieder irgendeine Schei... eingefangen und brauche dringend eure Hilfe!

Mein Avira deaktiviert sich ständig selbst, ein dubioses Programm mit dem Namen "X" verlangt Internetzugriff, Ad-Aware findet seltsame Registryeinträge und mein Rechner baut nur noch Schei......

anbei das Hijack-Log...

Gruß
PsYcHoTiC

Logfile of HijackThis v1.99.1
Scan saved at 19:21:11, on 26.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TrayMan\ntstart.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRA~1\TrayMan\trayman.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\Lexmark 3100 Series\lxbrbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\PSYCHO~1.VAL\LOKALE~1\Temp\Rar$EX00.485\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177870598156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrayMan - Unknown owner - C:\PROGRA~1\TrayMan\ntstart.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

#2 Erstelle bitte ein Copmbofix Report. http://board.protecus.de/t23188.htm
__________
MfG Ralf
SEO-Spam Hunter

#3 Oh, entschuldige, das hab ich natürlich vergessen! Hier, bitte...

ComboFix 07-08-25.2 - "PsYcHoTiC" 2007-08-26 21:23:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.501 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 21:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-25 22:17 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-25 22:17 <DIR> d-------- C:\Programme\TrayMan
2007-08-24 13:52 <DIR> d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\Wireshark
2007-08-24 13:48 <DIR> d-------- C:\Programme\Wireshark
2007-08-24 13:39 <DIR> d-------- C:\DOKUME~1\PSYCHO~1\LOKALE~1
2007-08-24 13:26 229,376 --ah----- C:\DOKUME~1\LNSS_M~1\NTUSER.DAT
2007-08-24 13:26 <DIR> dr-h----- C:\DOKUME~1\LNSS_M~1\Anwendungsdaten
2007-08-24 13:26 <DIR> dr------- C:\DOKUME~1\LNSS_M~1\Startmen�
2007-08-24 13:26 <DIR> d--h----- C:\DOKUME~1\LNSS_M~1\Vorlagen
2007-08-24 13:26 <DIR> d--h----- C:\DOKUME~1\LNSS_M~1\Netzwerkumgebung
2007-08-24 13:26 <DIR> d--h----- C:\DOKUME~1\LNSS_M~1\Lokale Einstellungen
2007-08-24 13:26 <DIR> d--h----- C:\DOKUME~1\LNSS_M~1\Druckumgebung
2007-08-24 13:26 <DIR> d-------- C:\DOKUME~1\LNSS_M~1\Favoriten
2007-08-24 13:26 <DIR> d-------- C:\DOKUME~1\LNSS_M~1\ANWEND~1\Intel
2007-08-24 13:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-08-24 11:42 <DIR> d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\UFOAI
2007-08-20 14:30 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\nView_Profiles
2007-08-20 14:25 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-20 14:25 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-20 14:25 <DIR> d-------- C:\WINDOWS\nview
2007-08-20 14:10 <DIR> d-------- C:\Programme\RegCleaner
2007-08-20 14:03 876,544 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-08-20 14:03 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-08-20 14:03 5,419,008 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-08-20 14:03 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-08-20 14:03 335,872 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-08-20 14:03 327,680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-08-20 14:03 327,680 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-08-20 14:03 323,584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-08-20 14:03 319,488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-08-20 14:03 315,392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-08-20 14:03 311,296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-08-20 14:03 303,104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-08-20 14:03 282,624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-08-20 14:03 282,624 --a------ C:\WINDOWS\system32\nvrsfr.dll
2007-08-20 14:03 278,528 --a------ C:\WINDOWS\system32\nvrsit.dll
2007-08-20 14:03 278,528 --a------ C:\WINDOWS\system32\nvrses.dll
2007-08-20 14:03 274,432 --a------ C:\WINDOWS\system32\nvrsde.dll
2007-08-20 14:03 266,240 --a------ C:\WINDOWS\system32\nvrsru.dll
2007-08-20 14:03 266,240 --a------ C:\WINDOWS\system32\nvrsptb.dll
2007-08-20 14:03 266,240 --a------ C:\WINDOWS\system32\nvrsja.dll
2007-08-20 14:03 262,144 --a------ C:\WINDOWS\system32\nvrsko.dll
2007-08-20 14:03 253,952 --a------ C:\WINDOWS\system32\nvrstr.dll
2007-08-20 14:03 221,184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2007-08-20 14:03 212,992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2007-08-20 14:03 2,908,160 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-08-20 14:03 2,859,008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-08-20 14:03 2,846,720 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-08-20 14:03 196,608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2007-08-20 14:03 167,936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2007-08-20 14:03 163,840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2007-08-20 14:03 143,428 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-08-20 14:03 122,880 --a------ C:\WINDOWS\system32\nvrszht.dll
2007-08-20 14:03 1,662,976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-08-20 14:03 1,519,616 --a------ C:\WINDOWS\system32\nwiz.exe
2007-08-20 14:03 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-08-20 14:02 98,304 --a------ C:\WINDOWS\system32\nvapi.dll
2007-08-20 14:02 950,272 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-08-20 14:02 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-08-20 14:02 786,432 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-08-20 14:02 73,728 --a------ C:\WINDOWS\system32\nvhotkey.dll
2007-08-20 14:02 7,561,216 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-08-20 14:02 5,562,368 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-08-20 14:02 5,169,152 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-08-20 14:02 462,848 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-08-20 14:02 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-08-20 14:02 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-08-20 14:02 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2007-08-20 14:02 4,177,920 --a------ C:\WINDOWS\system32\nvgames.dll
2007-08-20 14:02 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-08-20 14:02 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2007-08-20 14:02 311,296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-08-20 14:02 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-08-20 14:02 2,240,512 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-08-20 14:02 184,320 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-08-20 14:02 1,466,368 --a------ C:\WINDOWS\system32\nview.dll
2007-08-20 14:02 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-08-19 21:43 <DIR> d-------- C:\Programme\TVTool
2007-08-19 10:45 <DIR> d-------- C:\Programme\Driver Cleaner Pro
2007-08-16 12:38 <DIR> d-------- C:\Programme\MSXML 6.0
2007-08-15 13:45 21,393 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-08-15 13:45 21,393 --a------ C:\WINDOWS\AegisP.sys
2007-08-15 13:45 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\ANWEND~1\Intel
2007-08-15 13:45 <DIR> d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\Intel
2007-08-15 13:45 <DIR> d-------- C:\DOKUME~1\NETWOR~1\ANWEND~1\Intel
2007-08-15 13:45 <DIR> d-------- C:\DOKUME~1\LOCALS~1\ANWEND~1\Intel
2007-08-15 13:45 <DIR> d-------- C:\DOKUME~1\DEFAUL~1\ANWEND~1\Intel
2007-08-15 13:45 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Intel
2007-08-15 13:43 <DIR> d-------- C:\dell
2007-08-14 15:48 <DIR> d-------- C:\WINDOWS\wb
2007-08-12 16:38 226,304 --a------ C:\WINDOWS\system\GLIDE2X.DLL
2007-08-09 17:22 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
2007-08-09 17:16 <DIR> d-------- C:\Programme\QuickTime
2007-08-09 17:15 <DIR> d-------- C:\Programme\ImTOO
2007-08-09 16:43 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-09 12:46 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-08-09 12:46 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-08-09 12:46 <DIR> d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\TuneUp Software
2007-08-09 12:45 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 19:14 --------- d-------- C:\Programme\Dell
2007-08-26 18:07 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-08-26 17:42 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-26 16:07 --------- d-------- C:\Programme\DOSBox-0.70
2007-08-19 23:36 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\DVD Shrink
2007-08-19 10:48 --------- d-------- C:\Programme\thriXXX
2007-08-15 13:44 --------- d-------- C:\Programme\Intel
2007-08-09 16:44 --------- d-------- C:\Programme\Nokia
2007-08-09 16:44 --------- d-------- C:\Programme\Gemeinsame Dateien\Nokia
2007-08-09 12:45 --------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-08-08 15:29 2772992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2007-08-08 15:28 684032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2007-08-08 08:17 2211456 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2007-08-07 15:21 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\dvdcss
2007-08-07 15:21 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\dvdcss
2007-08-01 21:12 99904 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-08-01 21:12 34308 --a------ C:\WINDOWS\system32\Chip.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-24 18:25 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-07-24 18:25 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-07-24 09:08 --------- d-------- C:\Programme\hp deskjet 5550 series
2007-07-24 09:08 --------- d-------- C:\Programme\Hewlett-Packard
2007-07-18 13:44 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\Nokia Multimedia Player
2007-07-18 13:44 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\Nokia Multimedia Player
2007-07-13 16:32 --------- d-------- C:\Programme\Lexmark 3100 Series
2007-07-09 22:42 99904 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys.bak
2007-07-09 22:38 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\SlySoft
2007-07-09 22:38 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\SlySoft
2007-07-09 13:32 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-09 13:03 --------- d-------- C:\Programme\WinPcap
2007-07-09 12:42 --------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2007-07-09 00:52 88696 --a------ C:\WINDOWS\system32\Packet.dll
2007-07-09 00:52 68224 --a------ C:\WINDOWS\system32\WanPacket.dll
2007-07-09 00:52 240240 --a------ C:\WINDOWS\system32\wpcap.dll
2007-07-07 20:12 --------- d-------- C:\Programme\DIFX
2007-07-07 20:00 5 --a------ C:\WINDOWS\system32\drivers\DELL_XPS_MP061 .MRK
2007-07-07 20:00 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_XPS_MP061 .MRK
2007-07-06 19:46 --------- d-------- C:\Programme\ICQ6
2007-07-06 19:46 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\ICQ
2007-07-06 19:46 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\ICQ
2007-07-06 19:44 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\InstallShield
2007-07-06 19:44 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\InstallShield
2007-07-05 05:25 53299 --a------ C:\WINDOWS\system32\pthreadVC.dll
2007-07-05 05:25 42000 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-07-04 14:52 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\Ahead
2007-07-04 14:52 --------- d-------- C:\DOKUME~1\PSYCHO~1.VAL\ANWEND~1\Ahead
2007-07-04 13:07 --------- d-------- C:\Programme\DVD Shrink
2007-07-04 12:43 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SlySoft
2007-07-04 12:42 --------- d-------- C:\Programme\SlySoft
2007-07-02 23:54 1536 --a------ C:\WINDOWS\system32\drivers\GameNT.sys
2007-06-26 16:25 --------- d-------- C:\Programme\directx
2007-06-26 08:36 --------- d-------- C:\Programme\CCleaner
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 23:08 93128 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:21 1036288 --a------ C:\WINDOWS\explorer.exe
2007-06-01 10:35 14848 --a------ C:\WINDOWS\system32\s24NCfg.dll
2007-05-31 19:30 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-05-31 19:29 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-05-31 08:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740442 --a------ C:\WINDOWS\system32\DivX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"Lexmark 3100 Series"="C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-03 22:43]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-09 16:17]
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 16:32]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 16:30]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 15:46]
"nwiz"="nwiz.exe" [2006-05-01 15:46 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-05-01 15:46 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2006-05-01 15:46 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
"GMX SMS-Manager"="C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 12:17]
"AnyDVD"="C:\Programme\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-01 21:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

R1 avgio;avgio;\??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 tcpipBM;Bytemobile Kernel Network Provider;C:\WINDOWS\system32\drivers\tcpipBM.sys
R1 tvtool;tvtool;\??\C:\Programme\TVTool\tvtool.sys
R2 drhard;drhard;C:\WINDOWS\system32\drivers\drhard.sys
R2 NPF;WinPcap Packet Driver (NPF);C:\WINDOWS\system32\drivers\NPF.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 avgntflt;avgntflt;\??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
S3 NWUSBModem;Novatel Wireless USB Modem Driver;C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
S3 NWUSBPort;Novatel Wireless USB Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser.sys
S3 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-24 15:15:53 C:\WINDOWS\Tasks\1-Klick-Wartung.job - C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 21:24:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 21:24:51

--- E O F ---

#4 Prüfe mal diese Datei(en) bei

C:\WINDOWS\scvhost.exe

VT
Stand alone DrWeb
Stand alone Kaspersky
__________
MfG Argus

#5 Konnte ihn mit den Anregungen der anderen Threads eliminieren, vielen Dank für die schnelle Hilfe!

#6 Poste nochmal ein log von HJ
__________
MfG Argus

#7 Logfile of HijackThis v1.99.1
Scan saved at 23:50:23, on 26.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TrayMan\ntstart.exe
C:\PROGRA~1\TrayMan\trayman.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Lexmark 3100 Series\lxbrbmon.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\PSYCHO~1.VAL\LOKALE~1\Temp\Rar$EX00.250\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177870598156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrayMan - Unknown owner - C:\PROGRA~1\TrayMan\ntstart.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

#8 Es gibt von Hijack This eine neue Version sehe unter punkt 8. auf http://board.protecus.de/t30786.htm

Extra Virenscanner auf dein Rechner
SDFix
CureIt von drWEb
Multi-AW.exe http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
Weitere Informationen
http://www.virus-protect.org/index.html
__________
MfG Argus

#9 Hier das log vom neuen HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:09, on 27.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TrayMan\ntstart.exe
C:\PROGRA~1\TrayMan\trayman.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Lexmark 3100 Series\lxbrbmon.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Hijack This\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177870598156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrayMan - Unknown owner - C:\PROGRA~1\TrayMan\ntstart.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9177 bytes

#10 Ich geh davon aus dass du eine Systemwiederherstellung gemacht hast und ATF cleaner?
__________
MfG Argus

#11 Nein!!!

Bin auch vom Fach....;-)

System recovery deaktiviert, sämtliche Registry-Einträge von Hand entfernt, scvhost.exe gelöscht, alle Hijack-Einträge danach gefixt, Neustart gemacht....dann CCleaner, RegCleaner, aktueller Avira-Scan, aktueller Adaware-Scan...

Multi-AV lädt grade updates, den lass ich auch noch rennen...;-)

#12 Systemwiederherstellung
Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
Neu Starten
Dann wieder aktivieren (Häkchen entfernen)

ComboFix muss wieder entfernt werden,wird fast jeden Tag ge-updatet
__________
MfG Argus

#13 Das hatte ich nur reingeschrieben, weil du sonst danach gefragt hättest! ;-) Systemwiederherstellung schalte ich auf meinen eigenen Rechnern grundsätzlich nach dem Windows-Setup aus! :-)

#14 Es gibt Situationen wo man in die Zeit zurueck muss,um ein Viren Infektion zu killen
__________
MfG Argus

#15 Stimmt - aber wenn ich mir SO was hartnäckiges einfange, häng ich die Kiste lieber an meinen Ghost-Server und dann ist innerhalb von 20 Minuten "Lied aus" für den Virus!
Hab immer mehrere Images von verschiedenen Zeitpunkten, zumindest von der Systempartition...

Es gibt Situationen, da ist fixen zu riskant...