Suspected virus because of heavy lag

#0
05.09.2007, 01:22
...new here

Posts: 6
#1 I have a problem again.
During normal operation, my PC's hard disk sometimes works for minutes at a time without me actually doing anything on the PC. What is particularly interesting is that when I play COD2, which runs from my external hard disk, the short disk accesses on the internal hard disk cause heavy lag (down from 250 fps to 3-8 fps) (that's my guess anyway ^^)

I would be glad if someone could take a look at this.

ComboFix Log:

Quote

ComboFix 07-08-30.3 - "Gabriel" 2007-09-05 1:04:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.149 [GMT 2:00]


((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


2007-09-05 01:01 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-05 01:01 <DIR> d-------- C:\DOKUME~1\Gabriel\.housecall6.6
2007-09-05 00:48 <DIR> d-------- C:\Programme\Security Task Manager
2007-09-05 00:48 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SecTaskMan
2007-09-05 00:47 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-09-05 00:46 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-05 00:10 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 14:56 <DIR> d-------- C:\Programme\xp-AntiSpy
2007-09-03 15:03 <DIR> d-------- C:\DOKUME~1\Gabriel\ANWEND~1\fretsonfire
2007-09-03 15:01 <DIR> d-------- C:\Programme\Frets on Fire
2007-08-24 22:31 <DIR> d-------- C:\Programme\7-Zip
2007-08-21 23:18 <DIR> d-------- C:\DOKUME~1\Gabriel\ANWEND~1\Bioshock
2007-08-18 12:04 <DIR> d-------- C:\Programme\iPod
2007-08-18 12:03 <DIR> d-------- C:\Programme\iTunes
2007-08-13 20:04 <DIR> d-------- C:\DOKUME~1\Gabriel\Neuer Ordner (2)
2007-08-12 13:05 <DIR> d-------- C:\DOKUME~1\LOCALS~1\ANWEND~1\Xfire
2007-08-07 16:32 <DIR> d-------- C:\DOKUME~1\NETWOR~1\ANWEND~1\Xfire
2007-08-05 20:24 <DIR> d-------- C:\DOKUME~1\Gabriel\ANWEND~1\MSNInstaller


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-05 01:14 --------- d-------- C:\Programme\FlashGet
2007-09-05 01:01 --------- d-------- C:\Programme\Mozilla Firefox 2
2007-09-05 00:52 --------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\Skype
2007-09-05 00:35 --------- d-------- C:\Programme\Trillian
2007-09-04 23:27 --------- d-------- C:\Programme\HLSW
2007-09-04 22:51 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-04 22:51 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-04 20:00 --------- d-------- C:\Programme\BOINC
2007-09-04 17:44 --------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\Xfire
2007-09-04 16:27 --------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\Azureus
2007-09-04 14:59 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-09-04 00:40 15360 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
2007-09-03 23:27 --------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\OpenOffice.org2
2007-09-03 21:30 --------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\teamspeak2
2007-09-03 12:26 --------- d-------- C:\Programme\TrueCrypt
2007-08-31 03:04 --------- d---s---- C:\Programme\Xfire
2007-08-25 20:10 --------- d-------- C:\Programme\Azureus
2007-08-23 01:19 --------- d-------- C:\Programme\SpeedFan
2007-08-23 01:17 --------- d-------- C:\Programme\ICQ
2007-08-23 01:16 --------- d-------- C:\Programme\Softinterface, Inc
2007-08-23 01:15 --------- d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2007-08-23 01:15 --------- d-------- C:\Programme\AVSMedia
2007-08-18 12:02 --------- d-------- C:\Programme\Apple Software Update
2007-08-17 17:11 --------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\Hamachi
2007-08-04 03:20 --------- d-------- C:\Programme\Teamspeak2_RC2
2007-08-03 18:26 --------- d-------- C:\Programme\Spamihilator
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 19:34 674600 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-07-26 19:34 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-07-26 19:34 22328 --a------ C:\DOKUME~1\Gabriel\ANWEND~1\PnkBstrK.sys
2007-07-21 02:03 --------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\Ahead
2007-07-21 02:02 --------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-07-21 02:01 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Ahead
2007-07-21 02:00 --------- d-------- C:\Programme\Nero
2007-07-21 02:00 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Nero
2007-07-12 16:07 --------- d-------- C:\Programme\QuickTime
2007-07-08 16:15 --------- d-------- C:\Programme\Octoshape Streaming Services
2007-07-04 11:51 --------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\Apple Computer
2007-07-04 02:30 --------- d-------- C:\Programme\Gemeinsame Dateien\Apple
2007-07-04 02:30 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 12:00 21197327 --a------ C:\Programme\Trillian.zip
2007-06-13 15:21 1036288 --a------ C:\WINDOWS\explorer.exe
2006-10-20 14:44 1692672 --ahs---- C:\Programme\ehthumbs.db
2004-08-10 13:00:00 94,800 --sh--w C:\WINDOWS\twain.dll
2004-08-10 13:00:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-10 13:00:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-10 13:00:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-10 13:00:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-10 13:00:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28:50 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-10 13:00:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-10 13:00:00 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe


((((((((((((((((((((((((((((( snapshot_2007-09-05_ 01937,09 )))))))))))))))))))))))))))))))))))))))))

----a-w 537,704 2006-05-17 12:26:10 C:\WINDOWS\Downloaded Program Files\AXXPEE.dll
----a-w 284,016 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
----a-w 124,272 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\naveng32.dll
----a-w 914,800 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\navex32a.dll
----a-w 97,744 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\scrauth.dat
----a-w 396,845 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\tcdefs.dat
----a-w 1,773,316 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\tcscan7.dat
----a-w 386,194 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\tcscan8.dat
----a-w 899,759 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\tcscan9.dat
----a-w 67,619 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\tscan1.dat
----a-w 3,240 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\tscan1hd.dat
----a-w 992,973 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan1.dat
----a-w 570,702 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan2.dat
----a-w 149,996 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan3.dat
----a-w 320,253 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan4.dat
----a-w 4,403,699 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan5.dat
----a-w 391,763 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan6.dat
----a-w 11,763,158 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan7.dat
----a-w 1,798,654 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan8.dat
----a-w 4,906,582 2007-08-28 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan9.dat
----a-w 271,992 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\ecmsvr32.dll
----a-w 120,440 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\naveng32.dll
----a-w 902,776 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\navex32a.dll
----a-w 97,744 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\scrauth.dat
----a-w 190,021 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\tcdefs.dat
----a-w 1,426,017 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\tcscan7.dat
----a-w 344,909 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\tcscan8.dat
----a-w 807,138 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\tcscan9.dat
----a-w 65,737 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\tscan1.dat
----a-w 3,113 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\tscan1hd.dat
----a-w 981,338 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\virscan1.dat
----a-w 570,570 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\virscan2.dat
----a-w 148,556 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\virscan3.dat
----a-w 320,253 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\virscan4.dat
----a-w 3,648,356 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\virscan5.dat
----a-w 390,652 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\virscan6.dat
----a-w 7,797,098 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\virscan7.dat
----a-w 1,717,791 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\virscan8.dat
----a-w 4,344,171 2007-04-11 23:00:00 C:\WINDOWS\LastGood\Downloaded Program Files\virscan9.dat

----a-w 271,992 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
----a-w 120,440 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\naveng32.dll
----a-w 902,776 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\navex32a.dll
----a-w 97,744 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\scrauth.dat
----a-w 190,021 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\tcdefs.dat
----a-w 1,426,017 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\tcscan7.dat
----a-w 344,909 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\tcscan8.dat
----a-w 807,138 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\tcscan9.dat
----a-w 65,737 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\tscan1.dat
----a-w 3,113 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\tscan1hd.dat
----a-w 981,338 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan1.dat
----a-w 570,570 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan2.dat
----a-w 148,556 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan3.dat
----a-w 320,253 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan4.dat
----a-w 3,648,356 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan5.dat
----a-w 390,652 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan6.dat
----a-w 7,797,098 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan7.dat
----a-w 1,717,791 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan8.dat
----a-w 4,344,171 2007-04-11 23:00:00 C:\WINDOWS\Downloaded Program Files\virscan9.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 15:21 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"Toshiba Hotkey Utility"="C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-15 19:12]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 06:20]
"CFSServ.exe"="CFSServ.exe" []
"TPSODDCtl"="TPSODDCtl.exe" [2006-03-10 13:01 C:\WINDOWS\system32\TPSODDCtl.exe]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 13:03 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 13:03]
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 19:04]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 18:58]
"PadTouch"="C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-05 23:06]
"T-Online DSL-Manager"="C:\Programme\T-Online\DSL-Manager\TODslMgr.exe" [2006-09-08 13:10]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-20 13:26]
"TerraTec Remote Control"="C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe" [2006-12-07 11:59]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-12-20 15:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:05]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [2006-09-10 21:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spamihilator"="C:\Programme\Spamihilator\Spamihilator.exe" /waitIfProxyServiceIsService

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayItemsDisplay"=00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ]
C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\lbtserv.dll 2004-12-02 10:34 1404928 C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Mobipocket Reader Notifications"=C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
"Spamihilator"="C:\Programme\Spamihilator\spamihilator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" -atboottime
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"SmoothView"=C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
"TPSMain"=TPSMain.exe
"Share-to-Web Namespace Daemon"=C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"FileZilla Server Interface"="C:\Programme\FileZilla Server\FileZilla Server Interface.exe"
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" -minimize
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NBKeyScan"="C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys
R3 LHidPPKE;Logitech SetPoint HID Function Driver;C:\WINDOWS\system32\DRIVERS\LHidPPKE.Sys
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys
R3 TODslService;T-Online DSL-Manager;"C:\Programme\T-Online\DSL-Manager\TODslSvc.exe"
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys
S3 ASFWHide;ASFWHide;\??\C:\DOKUME~1\Gabriel\LOKALE~1\Temp\ASFWHide
S3 dtwmnic5;Telekom Eumex 604PC HomeNet;C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys
S3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 TSMPacket;T-DSL SpeedManager Service;C:\WINDOWS\system32\DRIVERS\tsmpkt.sys
S3 ulisa;Telekom ISDN-Adapter (USB);C:\WINDOWS\system32\Drivers\ulisa.sys
S3 USB28xxBGA;Cinergy Analog USB XS;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;Cinergy T USB XS Custom Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 WinPhlash;WinPhlash;\??\C:\DOKUME~1\Gabriel\LOKALE~1\Temp\WZSE0.TMP\PHLASHNT.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74f518f4-85fe-11db-89fb-001302c2e7b1}]
AutoRun\command- F:\Autorun.exe

*Newly Created Service* - CO_MON
*Newly Created Service* - TMCOMM

Contents of the 'Scheduled Tasks' folder
2007-08-31 15:19:18 C:\WINDOWS\Tasks\1-Klick-Wartung.job - C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe
2007-08-22 12:08:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programme\Apple Software Update\SoftwareUpdate.exe
2007-09-02 00:52:48 C:\WINDOWS\Tasks\Low Battery Alarm Program.job - C:\Programme\Notebook Hardware Control\nhc.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 01:14:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\wmprfDEU.prx
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WINPHONE.INI
C:\WINDOWS\WinSxS
C:\WINDOWS\wmsetup.log
C:\WINDOWS\WMSysPr8.prx
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\Zapotek.bmp
C:\WINDOWS\zllsputility.exe
C:\WINDOWS\zllsputility_loc0407.dll
C:\WINDOWS\_default.pif
C:\WINDOWS\_detmp.1
C:\WINDOWS\_detmp.2
C:\WINDOWS\_detmp.3
C:\WINDOWS\_detmp.4
**************************************************************************

Completion time: 2007-09-05 1:17:44
C:\ComboFix-quarantined-files.txt ... 2007-09-05 01:17
C:\ComboFix2.txt ... 2007-09-05 00:19
C:\ComboFix3.txt ... 2007-04-18 14:39

--- E O F ---

HijackThis log


Quote

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:20:56, on 05.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Xfire\xfire.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\Programme\Mozilla Firefox 2\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Gabriel\Desktop\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\xfire.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11935 bytes

datfind.bat

Quote

.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: BCAF-9954

Verzeichnis von C:\WINDOWS\system32

05.09.2007 00:41 55.080 vsconfig.xml
04.09.2007 22:51 103.736 PnkBstrB.exe
04.09.2007 14:00 1.158 wpa.dbl
03.09.2007 12:32 109.401 nvapps.xml
31.08.2007 15:43 354.458 TZLog.log
23.08.2007 15:05 75.924 perfc009.dat
23.08.2007 15:05 430.400 perfh009.dat
23.08.2007 15:05 450.424 perfh007.dat
23.08.2007 15:05 91.146 perfc007.dat
23.08.2007 15:05 1.060.268 PerfStringBackup.INI
03.08.2007 06:34 16.789.464 MRT.exe
30.07.2007 19:20 30.040 wuaucpl.cpl.mui
30.07.2007 19:20 30.040 wuapi.dll.mui
30.07.2007 19:19 1.712.984 wuaueng.dll
30.07.2007 19:19 549.720 wuapi.dll
30.07.2007 19:19 325.976 wucltui.dll
30.07.2007 19:19 216.408 wuaucpl.cpl
30.07.2007 19:19 203.096 wuweb.dll
30.07.2007 19:19 92.504 cdm.dll
30.07.2007 19:19 53.080 wuauclt.exe
30.07.2007 19:19 43.352 wups2.dll
30.07.2007 19:19 271.224 mucltui.dll
30.07.2007 19:19 207.736 muweb.dll
30.07.2007 19:18 34.136 wucltui.dll.mui
30.07.2007 19:18 30.072 mucltui.dll.mui
30.07.2007 19:18 33.624 wups.dll
30.07.2007 19:18 20.824 wuaueng.dll.mui
26.07.2007 19:34 66.872 PnkBstrA.exe
26.07.2007 19:34 674.600 pbsvc.exe
22.07.2007 18:39 279.552 swreg.exe
21.07.2007 02:02 33.792 rollback.db
18.07.2007 14:42 60.416 tzchange.exe
29.06.2007 06:24 49.152 QuickTime.qts
29.06.2007 06:24 65.536 QuickTimeVR.qtx
26.06.2007 16:39 671.232 wininet.dll
26.06.2007 08:08 1.104.896 msxml3.dll
19.06.2007 15:31 282.112 gdi32.dll
15.06.2007 10:13 39.424 pngfilt.dll
15.06.2007 10:13 474.624 shlwapi.dll
15.06.2007 10:13 619.008 urlmon.dll
15.06.2007 10:13 1.498.112 shdocvw.dll
15.06.2007 10:13 532.480 mstime.dll
15.06.2007 10:13 146.432 msrating.dll
15.06.2007 10:13 449.024 mshtmled.dll
15.06.2007 10:13 3.085.312 mshtml.dll
15.06.2007 10:13 251.904 iepeers.dll
15.06.2007 10:13 55.808 extmgr.dll
15.06.2007 10:13 152.064 cdfview.dll
15.06.2007 10:13 96.768 inseng.dll
15.06.2007 10:13 16.384 jsproxy.dll
15.06.2007 10:13 357.888 dxtmsft.dll
15.06.2007 10:13 1.056.256 danim.dll
15.06.2007 10:13 205.824 dxtrans.dll
15.06.2007 10:13 1.022.976 browseui.dll
14.06.2007 12:56 373.760 xpsp3res.dll
11.06.2007 23:51 10.834.944 wmp.dll